Uber Investigating Breach of Its Computer Systems

Uber’s computer network was breached on Thursday, leading the company to take several of its internal communications and engineering systems offline as it investigated the extent of the hack.

Employees were instructed not to use the company’s internal messaging service, Slack, and found that other internal systems were inaccessible, said two employees, who were not authorized to speak publicly.

An Uber spokesman said the company was investigating the breach and contacting law enforcement officials.

Shortly before the Slack system was taken offline on Thursday afternoon, Uber employees received a message that read: “I announce I am a hacker and Uber has suffered a data breach.” The message went on to list several internal databases that the hacker claimed had been compromised.

The hacker compromised a worker’s Slack account and used it to send the message, the Uber spokesman said. It appeared that the hacker was later able to gain access to other internal systems, posting an explicit photo on an internal information page for employees.

It was not the first time that a hacker has stolen data from Uber. In 2016, hackers stole information from 57 million driver and rider accounts, then approached Uber and demanded $100,000 to delete their copy of the data. Uber arranged the payment, but kept the breach a secret for more than a year.

Joe Sullivan, who was Uber’s top security executive at the time, was fired for his role in the company’s response to the hack. Mr. Sullivan was charged with obstructing justice for failing to disclose the breach to regulators and is currently on trial.

Lawyers for Mr. Sullivan have argued that other employees were responsible for regulatory disclosures and said the company had scapegoated Mr. Sullivan.

source: nytimes.com