Uber Hacked Again, Leaked Because Slack Application Used By Employees

Uber was hacked again. (photo: Twitter @uber)

JAKARTA - Uber Technologies Inc., said it was investigating a cybersecurity incident after reports of a network breach that forced the company to shut down some internal communications and engineering systems.

On Friday, September 16, Uber said it had no evidence that the incident involved access to sensitive user data such as trip history and that internal software the company retrieved after the hack was back online. Uber began investigating the cybersecurity incident on Thursday, September 15.

A hacker has allegedly hacked into employee accounts on workplace messaging app Slack and used it to send messages to Uber employees announcing that the company had suffered a data breach. This was first reported by the New York Times on Thursday, citing an Uber spokesperson.

Cybersecurity has been a problem for Uber in the past. They had experienced a significant hack in 2016 which exposed the personal information of about 57 million customers and their drivers.

Shares of ride-hailing companies fell nearly 4% last Friday amid a broader US market slump.

According to the Times report, it appears that hackers were able to gain access to other internal systems, posting explicit photos on the internal information page for employees.

"We are in touch with law enforcement and will post additional updates here as they become available," Uber said in a tweet, without providing further details.

Hackers claim to have gained access to security vulnerability information that HackerOne generated for Uber. Such confidential information can be used for further breaches in the company.

HackerOne said they are "in close contact with Uber's security team, have locked down their data, and will continue to assist with their investigation," according to Chris Evans, HackerOne's chief hacker.

Security researcher Bill Demirkapi said screenshots circulating online appeared to corroborate the hackers or hackers boasting that they had access to Uber's internal systems.

"This story is still evolving and these are some extreme claims, but there appears to be evidence to back it up," he said in a message posted to Twitter.

According to the NYT report, Uber employees are now being instructed not to use Salesforce Inc's office messaging app, Slack.

"I announce that I am a hacker and Uber has suffered a data breach," the message reads, and then lists several internal databases that are suspected to have been compromised, the report added.

Someone was responsible for the hack and told the paper that he had sent a text message to an Uber employee claiming to be the company's IT guy.

The worker was persuaded to hand over a password that allowed hackers to gain access to Uber's systems, the report said.

Uber's Chief Executive Officer, Dara Khosrowshahi, who took over the position a year after the 2016 hack, fired the then chief security officer, who was later accused of trying to cover up the breach.