Uber says it is working with law enforcement to investigate a data hack that may have given a hacker widespread access to all of the firm's data and systems.
This is not the first time that Uber has been hacked, but as yet it's not known to what extent the breach has been successful.
We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.
— Uber Comms (@Uber_Comms) September 16, 2022
Uber has tweeted about the incident, and according to the Wall Street Journal, it is confirmed that a hacker did gain at least some access.
Reportedly, the hacker first gained access to Uber's account with security firm HackerOne. That firm's researchers say that the hacker provided screenshots showing Uber's systems, ranging from its Amazon Web Services accounts to Google cloud services.
"We got alerted to this promptly by our customer Uber," Marten Mickos, HackerOne's chief executive, said in a text message to the publication. "We locked access to their data in order to protect it. We have a team assisting them in their investigation."
It's not clear how the hack was initially identified, and the Wall Street Journal says it has not been able to verify the hacker's claims. That includes whether the hacker is the one identifying himself or herself as Tea Pot.
Tea Pot has both claimed to be the hacker, and reportedly said that the hack was done by tricking an Uber employee into giving them access to the company's private network.
If the breach is as severe as reported, it won't be the company's first massive breach.
Former Uber security chief, Joe Sullivan, was fired after a 2016 data breach. He is this week standing trial over accusations that he paid the hackers' ransom in order to hide that there had been a breach. Sullivan denies this.
2 Comments
So, this is the second major breach of this billion-dollar company. I’m still trying to wrap my head around the concept of having multiple unmonitored stores from anyone being a good idea. Thankfully, the data they had was not financial data. Of course Teapot wouldn’t have to hack their system for data if they built their own App Store and offered access for cheap. Or they could just hack the store and get it. So far Apple has been excellent at protecting our data, which is an ongoing effort.
Remember stories like this when once again claims about Apple being behind in supporting the latest web technologies get raised. The people who don't have to bear responsibility for faults are always complaining about being held back.
It was great to learn programming in the 1980s, where networking was not available to the hobbyist. These days, it's so cheap to run simple intrusion tests that you have to assume that any weakness in your security is going to be at least noticed (and more likely, actively exploited) within minutes of deployment.
Apple's not perfect in this regard - we've seen numerous issues from their software and systems relating to input validation failures - but they have always treated security as an important aspect of everything they do rather than a bolt-on. Uber and companies like them are learning that this is what you have to do in today's world.