American mobility-as-a-service provider Uber is investigating a cybersecurity incident. A hacker compromised an Uber employee’s account and left messages on corporate Slack channels and Uber’s HackerOne account.
“We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available,” Uber tweeted on Thursday and turned off comments.
It provided no additional information about the potential hack. However, hacker and bug bounty hunter Sam Curry painted quite a vivid picture of the incident. He said someone left the following message on Uber’s account on HackerOne, a vulnerability coordination and bug bounty platform.
“UBER HAS BEEN HACKED (domain admin, aws admin, vsphere admin, gsuite SA) AND THIS HACKERONE ACCOUNT HAS BEEN ALSO,” reads a message from HackerOne’s “Uber staff.”
The threat actor has likely accessed Uber’s HackerOne vulnerability reports. The already publicly disclosed records show that Uber is quite active on HackerOne.
The threat actor allegedly also logged in to Uber’s Slack, an office messaging platform, to notify the staff of the breach.
“I announce I am a hacker and Uber has suffered a data breach. Slack has been stolen, confidential data with Confluence, stash and 2 monorepos from phabricator have also been stolen, along with secrets from sneakers,” the message reads.
The threat actor also used the hashtag #uberunderpaisdrives [sic], pointing to Uber drivers' discontent about wages and benefits. Uber drivers have been protesting worldwide, asking for a higher salary. Just this Thursday, dozens of drivers went offline in different cities in Florida.
Uber’s employees were instructed not to use Slack and found their accounts inaccessible.
“At Uber, we got an ‘URGENT’ email from IT security saying to stop using Slack. Now anytime I request a website, I am taken to a REDACTED page with a pornographic image and the message ‘F*** you wankers,’” Sam Curry quoted one of Uber’s employees.
The threat actor released some screenshots of what looks like internal Uber systems to support their claims.