A hacker claiming to be 18 years old breached Uber’s computer network Thursday, prompting the ride-hail company to shut down its system after the attacker barraged employees with obscene images and messages.
Uber workers were confronted by images of male private parts and a message that said, ‘F**K YOU DUMB WANKERS,’ according to Sam Curry, an engineer at Yuga Labs who communicated with the hacker.
The tech company has asked law enforcement to investigate the hacker, identified only by the Telegram handle Tea Pot.
There was no indication that the transport company’s fleet of vehicles or its operation was in any way affected.
Uber announced on Twitter that they had been hacked and were reporting the incident to law enforcement. The hacker sent messages to the ride-hail company workers, letting them know that their company computer system had been infiltrated. Some workers mocked the hacker, thinking it was some kind of joke.
The hacker gained control of the account through HackerOne, a firm that helps companies work with security researchers, staff said.
‘They pretty much have full access to Uber,’ Curry told The New York Times. ‘This is a total compromise, from what it looks like.’
That includes obtaining complete access to the Amazon and Google-hosted cloud environments where Uber stores its source code and customer data, he said.
Tea Pot was able to infiltrate the system by sending a worker a text claiming to be from the company’s IT team and convincing them to share their password, according to the Times.
Once he was in, he sent a message alerting the staff that their system had been compromised.
‘I announce I am a hacker and Uber has suffered a data breach,’ the message said, according to the Times.
Uber employees initially thought the episode was a joke and ‘instead of doing anything, a good portion of the staff was interacting and mocking the hacker,’ according to a text sent to Curry by a company worker.
Curry said he spoke to several Uber employees who said they were ‘working to lock down everything internally’ to restrict the hacker’s access, including the company’s Slack internal messaging network.
Uber employees received this text message from the company’s IT department after the hack:
‘URGENT: All Uber employees should stop using Slack until further notice. We are working to resolve an issue and will send additional updates.’
He said there was no indication that the hacker had done any damage or was interested in anything more than publicity.
‘My gut feeling is that it seems like they are out to get as much attention as possible,’ Curry said.
The hacker had alerted Curry and other security researchers to the intrusion by using an internal Uber account to comment on vulnerabilities they had previously identified on the company’s network through its bug-bounty program, which pays ethical hackers to identify vulnerabilities.
The saboteur also said that Uber should pay their drivers more.
The hacker provided a Telegram account address and Curry and other researchers then engaged them in a separate conversation, sharing screenshots of various pages from Uber’s cloud providers to prove they broke in.
The Associated Press attempted to contact the hacker at the Telegram account where Curry and the other researchers chatted with them, but no one responded.
One screenshot posted on Twitter and confirmed by researchers shows a chat with the hacker in which they say they obtained the credentials of an administrative user and then used social engineering to access Uber’s internal network.
Uber said via email that it was ‘currently responding to a cybersecurity incident. We are in touch with law enforcement.’ It said it would provide updates on its Uber Comms Twitter feed.
The company suffered another crippling hack in 2016, but lied about it and tried to cover it up, according to the Times.
In that instance, the hackers stole the information for nearly 600,000 riders and drivers and then extorted $100,000 out of the company in exchange for the data.
Uber’s cybersecurity chief at the time was fired afterward and charged with obstructing justice for not disclosing the breach to the Federal Trade Commission.