Uber confirmed yesterday (15) that it had suffered a hacker invasion. The attacker would be an 18-year-old, who even sent a message to corporate Slack [serviço de mensagens] announcing the invasion. Officials reportedly believed the statement was a joke.

The incident exposed Uber’s security, email and internal communication systems.

A screenshot, released by the Washington Post and which went viral on Twitter, shows the message sent by the young man.

“I announce that I am a hacker and that Uber has suffered a data breach,” he said. Then the company’s employees reacted with several emojis imagining it was a joke made by an employee.

Shortly after the attack, the cybercriminal released screenshots showing the transit giant’s internal systems such as the company’s AWS account console, VMware ESXi virtual machines, and a Google Workspace email dashboard, which he called “critical” against the security.

Several internal services were shut down and Uber notified local authorities about the attack.

“We are currently responding to a cybersecurity incident. We are in contact with authorities and will post additional updates here as they become available,” Uber said on its Twitter account.

We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available. — Uber Comms (@Uber_Comms) September 16, 2022

Application has not been hacked

Despite the attack, the application’s operations were not affected and there are no indications that user data was compromised in the attack.

In addition to breaking into Uber’s internal system, the hacker would have gained access to the company’s source code. If confirmed, the risk is that it could leak it in the future, causing problems for Uber.

How was the invasion done?

To break into the company’s network, the hacker reported to the New York Times that he sent a message to an Uber employee claiming to be from the IT (Information Technology) team, convincing the professional to pass his access password.

What motivated the invasion, he said, was the goal of showing that Uber has weak security.

However, in the message published on Slack, he posted a hashtag suggesting that the company does not pay well the drivers of the platform, which can be understood that the attack was also a form of protest.

previous attack

This isn’t the first time Uber has been hacked. In 2016, after a hack into their system, personal information of 57 million people worldwide, including names, email addresses and phone numbers, was exposed.

In addition to information from about 600,000 US drivers registered on the platform.

At the time, two people accessed the information through “a third-party cloud-based service” used by Uber at the time.

*With Washington Post and New York Times information