Uber said connected Thursday that it is responding to a cybersecurity incidental aft a hacker reportedly breached the raid-hailing company’s web and compromised a fig of its internal systems.
“We are presently responding to a cybersecurity incident. We are successful interaction with instrumentality enforcement and volition station further updates present arsenic they go available,” the company said successful a statement connected Twitter.
Uber did not supply further details regarding the cybersecurity incident, however, The New York Times, which first reported the incident, said that a hacker managed to summation entree to the company’s office messaging app Slack and utilized it to station a connection to Uber employees.
“I denote I americium a hacker and uber has suffered a information breach,” the connection reportedly read.
According to the publication, Uber promptly took several of its interior communications and engineering systems offline portion it launched an probe into the grade of the breach.
Screenshots of the incidental obtained by The New York Times and The Washington Post showed the hacker claiming to person entree to a fig of Uber’s interior systems and firm networks.
According to the Washington Post, the hacker was prompted to behaviour a information breach owed to Uber’s attraction of its drivers.
Uber’s labor practices person repeatedly travel nether fire; the institution designates its drivers arsenic “contractors”, meaning they are not entitled to accrued worker’ rights, protections, and different benefits.
Simple Text Message
The idiosyncratic claiming to beryllium down the information breach told The New York Times that they had simply sent a substance connection to an Uber idiosyncratic pretending to be a firm IT idiosyncratic and were promptly provided with a password that allowed them to summation wide-reaching entree to Uber’s systems.
Rachel Tobac, the CEO of SocialProof Security, which helps bid firm’s connected however to defend against cyber criminals, wrote connected Twitter that determination has been a large summation in SMS phishing of late.
SMS phishing is 1 of the galore methods utilized by scam artists to lure radical into handing over their idiosyncratic oregon fiscal accusation via substance connection oregon different mobile messaging services similar WhatsApp.
“The idiosyncratic who claimed they conscionable hacked Uber is saying their method was: – Send SMS phish to Uber idiosyncratic arsenic IT Support – Steal credentials – Access Slack & interior systems,” Tobac wrote.
The adept hacker added that determination has been a emergence in SMS-based phishing due to the fact that it’s “working” and “becoming progressively good documented by attackers, and determination are present kits that marque it easier to make attacks to bargain passwords and MFA codes.”
She added that a Fast Identity Online (FIDO) key, which uses things similar fingerprint login and two-factor login to place users, apt would person helped to forestall Uber’s latest incident.
The Epoch Times has contacted Uber for comment.
Meanwhile, California-based Slack told Reuters successful a statement that it was investigating the breach but that it had not recovered immoderate grounds suggesting a vulnerability to its platform.
“Uber is simply a valued customer, and we are present to assistance them if they request us,” Slack, which is owned by Salesforce Inc, said.