Uber investigates 'cybersecurity incident' after reports of a hack on the company

Uber connected Thursday said it is investigating a cybersecurity incidental pursuing reports that the ride-hailing institution had been hacked.

"We are presently responding to a cybersecurity incident," Uber said successful a connection connected Twitter. "We are successful interaction with instrumentality enforcement and volition station further updates present arsenic they go available."

A hacker gained power implicit Uber's interior systems aft compromising the Slack relationship of an employee, according to the New York Times, which says it communicated with the attacker directly. Slack, a workplace messaging service, is utilized by galore tech companies and startups for mundane communications.

Uber has present disabled its Slack, according to aggregate reports. Shares of Uber declined astir 4% successful premarket trading Friday.

After compromising Uber's interior Slack successful a alleged societal engineering attack, the hacker past went connected to entree different interior databases, the Times reported.

A abstracted report, from the Washington Post, said the alleged attacker told the paper they had breached Uber for amusive and could leak the company's root codification successful a substance of months.

Employees initially thought the onslaught to beryllium a gag and responded to Slack messages from the alleged hacker with emojis and GIFs, the Post reported, citing 2 radical acquainted with the matter.

Screenshots shared connected Twitter suggest the hacker besides managed to instrumentality implicit Uber's accounts with Amazon Web Services and Google Workspace, and summation entree to interior fiscal data.

CNBC was incapable to independently verify the information. Uber declined to remark beyond its connection posted connected Twitter.

While it's not wholly wide yet however Uber's systems were compromised, cybersecurity researchers said archetypal reports bespeak the hacker eschewed blase hacking techniques successful favour of societal engineering. This is wherever criminals prey connected people's credulity and inexperience to summation introduction to firm accounts and delicate data.

"This is simply a beauteous low-bar to introduction attack," said Ian McShane, vice president of strategy astatine cybersecurity steadfast Arctic Wolf. "Given the entree they assertion to person gained, I'm amazed the attacker didn't effort to ransom oregon extort, it looks similar they did it 'for the lulz'."

"It's impervious erstwhile again that often the weakest nexus successful your information defenses is the human," McShane added.

News of the onslaught comes arsenic Uber's erstwhile information chief, Joe Sullivan, is lasting proceedings implicit a 2016 breach successful which the records of 57 cardinal users and drivers were stolen. In 2017, the institution admitted to concealing the onslaught and, the pursuing year, paid $148 cardinal successful a colony with 50 U.S. states and Washington, D.C.

Uber has attempted to cleanable up its representation successful the aftermath of the exit of Travis Kalanick successful 2017, the arguable erstwhile CEO who founded the institution successful 2010. But scandals and controversies from Kalanick's tumultuous tenure proceed to haunt the firm.

In July, The Guardian reported connected the leak of thousands of documents which elaborate however Uber pushed into cities astir the world, adjacent if it meant breaking section laws. In 1 instance, erstwhile CEO Travis Kalanick said that "violence guarantees success" aft being confronted by different executives astir concerns for the information of Uber drivers sent to a protestation successful France.

In effect to The Guardian's reporting astatine the time, Uber said the events were related to "past behavior" and "not successful enactment with our contiguous values."