Uber is “responding to a cybersecurity incident”

The early hours of this morning saw Uber announcing that it was responding to a “cybersecurity incident”, but a report from the New York Times reveals an alarming situation has unfolded at the firm.

We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.

— Uber Comms (@Uber_Comms) September 16, 2022

The publication reports that it has been sent images of email, cloud storage and code repositories by the person claiming responsibility for the hack. Said individual also said that they had managed to gain access to Uber’s systems through social engineering.

The alleged hacker, who is reportedly a teenager, says that he had breached Uber’s systems because it had weak security. The Washington Post further revealed that according to internal screenshots the hack was also motivated by the company’s treatment of its drivers.

The hacker even managed to gain access to an Uber employee’s Slack account to proclaim, “I announce I am a hacker and Uber has suffered a data breach.”

Despite tweeting about the incident in the wee hours of Friday morning, Uber is yet to update users on the incident. It’s unclear whether user data has been compromised but we would recommend changing your passwords as a precautionary measure.

The firm has directed customers to its Uber Comms Twitter account for updates.

In 2020 Twitter suffered a similar breach when an employee succumbed to social engineering. In that breach, an attacker was able to take control of high-profile accounts to push users toward a cryptocurrency scam.

Uber also suffered a breach in 2016 in which the personal information of 57 million people was compromised. That incident earned Uber a fine of $148 million thanks to the fact that it took a year to alert customers.

Here’s hoping history isn’t repeating itself.