Uber has suffered a cyberattack during the early hours of this Friday. An external actor has managed to break into their systems and has leaked sensitive company information, such as their financial data. The attacker, as he himself admitted to the New York Timesis a young man of 18 years.
The company has acknowledged having suffered a “cybersecurity incident” but for the moment has not given more details. “We are in contact with security forces and will post additional updates as they become available,” she said on her Twitter account.
As several sources have explained to the aforementioned media, the young man would have managed to infiltrate Uber’s systems thanks to a social engineering attack against one of his employees. The entry route would have been the company’s Slack, which its workers use to communicate, from where he would have jumped to its internal systems.
Once inside, the attacker has published the following message, the rest of the employees have detailed: “I announce that I am a hacker and Uber has suffered a data breach”. The attacker has published evidence of his access with screenshots of the company’s administration panel or its Amazon Web Services (AWS) instance, which is the one that provides the services to operate in the cloud.
Once inside, the young man has contacted the New York Times and several specialized cybersecurity researchers. The company has reacted by taking all of its internal communications systems and engineering platform offline.
At the moment there is no information that indicates that the attacker has leaked personal or banking data of Uber users.