Uber Hacker Was Reportedly a Teenager Who Posted Vulgar Content to Company SystemsThe rideshare company faced an internal hack late last week.
ByEmily Rella•
Uber fell victim to an internal hack last week and now the rideshare company is releasing information on who was behind it.
In surprise news, the culprit wasallegedlyan 18-year-old hacker who was able to get into Uber's internal systems (including G-suite and Slack) thus putting the company through a data breach.
The anonymous hacker came forward to theNew York Timesand told the outlet that he pretended to be an IT worker for Uber and sent an Uber employee a text message asking for his password which gave him access to the internal systems.
"An Uber EXT contractor had their account compromised by an attacker," Uber said in ablog postyesterday. "The attacker then repeatedly tried to log in to the contractor's Uber account. Each time, the contractor received a two-factor login approval request, which initially blocked access. Eventually, however, the contractor accepted one, and the attacker successfully logged in."
Uber explained that they believe the hacker (or hackers) are part of the group Lapsus$ — based on the techniques they used to get into Uber's systems — and are also responsible for hacks earlier this year at Microsoft, Samsung, and Cisco.
They are also believed to be behind the recent leak at Rockstar Games where footage from the newest iteration of thevideo gameCall of Dutywas compromised this week.
The company realized it had been compromised after the teenager posted a message to the company-wide slack channel.
Honestly kind of a classy way to hack someone@Uberpic.twitter.com/fFUA5xb3wv
— Colton (@ColtonSeal)September 16, 2022
When using Slack, employees were reportedly redirected to a pornographic image with subtext using expletives, persources on Twitter.
“我们正在与一些主要数字forensics firms as part of the investigation. We will also take this opportunity to continue to strengthen our policies, practices, and technology to further protect Uber against future attacks," Uber said.
The company maintained that none of its customer-facing services like Uber and Uber Eats had any compromised data, though the services were briefly impacted after internal tools had to be taken down on account of the hack.
Uber has had a rough go of it the past couple of years, after a dramatic exit by former CEO Travis Kalanick in 2017 brought to light allegations of sexual harassment and discrimination at the company.
The company also faced a separate leakearlier this summerwhen documents surfaced to the public showcasing questionable internal practices and company culture.
Uberwas downjust shy of 21% year over year as of Tuesday afternoon.