Uber: No Evidence of Sensitive Data Breached in Security Incident


Uber’s computer network was breached Thursday, leading the ride-hailing giant to take several internal communications and engineering systems offline as it investigated the hack, as reported earlier by The New York Times.

Uber says its investigation is ongoing as of Friday at 10.30 a.m. PT but said there’s “no evidence that the incident involved access to sensitive user data.”

Uber, Uber Eats, Uber Freight and Uber Drive are all up and running on Friday, and Uber is now bringing back online its internal software tools.

On Thursday, the company had instructed employees not to use workplace messaging app Slack, the report said, citing two employees. Other internal systems were also inaccessible, the Times reported.

According to the Times, shortly before Slack was taken offline Thursday afternoon, Uber employees received a message on the app that read: “I announce I am a hacker and Uber has suffered a data breach.” The message also listed several internal databases that the hacker claimed had been compromised, the Times reported.

Uber had said in a statement that it was investigating a cybersecurity incident and is in contact with law enforcement officials.

The hacker, who said he was 18 years old, said he was motivated by what he called weak security and provided screenshots of internal Uber systems to prove his access, the Times reported.

The hacker sent the message through the app after compromising a worker’s account, Uber told the Times. The hacker apparently was also able to gain access to other internal systems, posting an explicit photo on an internal information page for employees, the newspaper reported.

Uber has been the victim of a hack before. In 2018, it agreed to a $148 million settlement over a 2016 data breach the ride-hailing service failed to disclose. Hackers were able to steal data on 57 million drivers and riders, including personal information such as names, email addresses and driver’s license number.

Rather than publicly disclosing the hack, which companies are required to do within a certain number of days in states like California, Uber paid the hackers $100,000 to delete the information and had them sign a nondisclosure agreement.

Joe Sullivan, who served as Uber’s security chief from April 2015 to November 2017, was indicted in 2020 for allegedly covering up the breach. Sullivan described the payment as a bug bounty reward, which companies often pay out to researchers who discover security flaws, but prosecutors said the payment was more of a coverup than a bounty reward.



Related Posts

Apple-AT&T Identity Thieves Sentenced to 4 Years in Prison

Two men were sentenced to 52 months in prison after pleading guilty to running a scheme where they fraudulently accessed more than 2,000 AT&T mobile accounts that…

Airlines May Finally Have to Refund You if Their Wi-Fi Doesn’t Work

The US Department of Transportation has proposed a new rule that would see flight passengers finally able to get refunds for services they paid for but didn’t…

ExpressVPN’s First VPN Router Aims for Smart Home-Wide Privacy

Virtual private network provider ExpressVPN announced the launch of its first router with a built-in VPN. On Thursday, the British Virgin Islands company said the Wi-Fi 6…

Don’t Miss Out on Windows 11’s 2022 Update. How to Download

The first big upgrade for Microsoft Windows 11 is here. Arriving just a couple weeks before the operating system’s first anniversary, the update enhances Windows 11 security features,…

Make Your iPhone 14 Pro’s Always-On Display Better With This Simple Trick

This story is part of Focal Point iPhone 2022, CNET’s collection of news, tips and advice around Apple’s most popular product. Sorry, but I don’t think Apple’s…

How to Fix the Most Annoying iOS 16 Features on Your iPhone

This story is part of Focal Point iPhone 2022, CNET’s collection of news, tips and advice around Apple’s most popular product. Apple released iOS 16 for the iPhone only a couple…