Uber is investigating a cybersecurity problem that has affected the company’s internal systems and that would have its origin in a social engineering attack that would have given access to the Slack account of one of the employees.
This Thursday Uber disconnected internal communications and engineering systems in response to a security breach that would have given an external actor access to internal databases of the company.
This security breach would be the result of a social engineering attack directed against one of the employees who would have gotten access to your account in Slack the communication service they use internally, and from there to Uber’s internal systems, as explained in The New York Times.
According to the testimony of two workers, this external actor sent a message to all employees through Slack, which could read: “I announce that I am a hacker and Uber has suffered a data breach.” He accompanied it with screenshots of internal databases he claimed to have compromised, and contacted various security researchers and The New York Times.
The company has confirmed via Twitter that they are “responding to a cybersecurity incident”. We are in contact with the police and will post additional updates here as they become available.
We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.
— Uber Comms (@Uber_Comms) September 16, 2022