Uber cyber attack: the attacker claims access to corporate networks, databases and sensitive company information.
Uber is experiencing a turbulent few hours after late on Thursday an alleged cyberattacker posted a sinister message on the company's internal Slack forum. "I announce that I am a hacker and that Uber has suffered a security breach." The text was accompanied by dozens of emojis.
The New York Times has been the first media to report the computer incident that later the chauffeur-driven travel company itself has recognized through a brief tweet. "We are responding to a cybersecurity incident. We are in contact with the authorities and will publish news as we get to know them."
Along with the Times, other headlines such as The Washington Post have detailed what sensitive information the attacker could have accessed. The newspaper claims to have accessed screenshots shared with the attacker himself in his publication through the company's Slack channel.
Uber cyber attack
In these captures it is appreciated how the cybercriminal would have achieved extensive access to the corporate networks of the multinational. The images also show how the criminal's motivation would be to respond to the treatment that the firm gives to its drivers.
Through a platform that mediates between cybersecurity researchers and firms offering communication channels such as chat channels, the alleged attacker, in conversation with The Post, has described Uber's security as "painful" and has defended having carried out the attack "for fun". Consider the possibility of filtering the source code of the entire firm "in a few months".
The attacker would have even gained access to Uber's credentials on Amazon Web Services (AWS), its cloud provider, although this end is not yet confirmed.
Investigators who are following the incident for a few hours have been talking to Uber workers. One of them explains that it all started with a circular from the Information Technology department in which workers were asked not to access Slack until further notice.
Uber cyber attack data
The same employee has assured, anonymously, that every time he tries to open a web page from his corporate terminal, a web with pornographic material and a text that says: "Fuck you, asshole" opens. Meanwhile, the alleged attacker has continued to fill his Slack post with well-known memes, some with the characters of SpongeBob SquarePants.
Just two months ago, an international media consortium published the Uber Files, secret company documents such as emails. In them, it was appreciated how some managers of the firm deliberately ignored the fear suffered by their drivers before the protests of taxi drivers in cities halfway around the world.
Those information also showed how Uber designed a protocol similar to a 'panic button' with which they managed to prevent, in the face of surprise police searches at their headquarters, law enforcement agencies from accessing documents and data that could compromise the company.
Uber cyber attack scandal
In the wake of this recent scandal, the EU Ombudsman demanded to review the relations between the EU institutions and the lobbies of technology companies such as Uber.
It is not the first time that Uber has suffered a security hole that leads to a massive information leak, although the scope of this new incident is still unknown. In 2016, 2 individuals managed to access company data thanks to a cloud-based service from an Uber provider.
As a result of that incident, the data of 57 million people around the world was leaked, as well as the driver's licenses of about 600,000 of their drivers in the United States.
