Uber said on Thursday that it is responding to a cybersecurity incident after a hacker reportedly breached the raid-hailing company’s network and compromised a number of its internal systems.
“I announce I am a hacker and uber has suffered a data breach,” the message reportedly read.
According to the publication, Uber promptly took several of its internal communications and engineering systems offline while it launched an investigation into the extent of the breach.
According to the Washington Post, the hacker was prompted to conduct a security breach due to Uber’s treatment of its drivers.
Uber’s labor practices have repeatedly come under fire; the company designates its drivers as “contractors”, meaning they are not entitled to increased worker' rights, protections, and other benefits.
Simple Text Message
The individual claiming to be behind the security breach told The New York Times that they had simply sent a text message to an Uber worker pretending to be a corporate IT person and were promptly provided with a password that allowed them to gain wide-reaching access to Uber’s systems.SMS phishing is one of the many methods used by scam artists to lure people into handing over their personal or financial information via text message or other mobile messaging services like WhatsApp.
“The person who claimed they just hacked Uber is saying their method was: - Send SMS phish to Uber worker as IT Support - Steal credentials - Access Slack & internal systems,” Tobac wrote.
The expert hacker added that there has been a rise in SMS-based phishing because it’s “working” and “becoming increasingly well documented by attackers, and there are now kits that make it easier to develop attacks to steal passwords and MFA codes.”
She added that a Fast Identity Online (FIDO) key, which uses things like fingerprint login and two-factor login to identify users, likely would have helped to prevent Uber’s latest incident.
The Epoch Times has contacted Uber for comment.
“Uber is a valued customer, and we are here to help them if they need us,” Slack, which is owned by Salesforce Inc, said.