The airline said in a tweet that it was “responding to a cyber security incident”. The hacker appeared in a message posted on Slack, according to two people familiar with the matter, who spoke on condition of anonymity because of the sensitive nature of the incident. “I am announcing that I am a hacker and uber has suffered a data breach,” the message said. A flurry of reaction emojis followed, including several dozen showing what appeared to be siren symbols. Because of the hack, the people said, some systems such as Slack and internal tools were temporarily disabled. Internal screenshots obtained by the Washington Post showed the hacker claiming to have broad access to Uber’s corporate networks and appeared to suggest the hacker was motivated by the company’s treatment of its drivers. The person claimed to have taken data from common software that Uber employees use to write new programs. Uber pointed to its statement on Twitter when asked for comment. The company did not immediately respond to questions about the extent to which internal information may have been compromised. Uber waits a year to report massive breach of customer data The New York Times first reported the incident. Uber previously suffered a breach in 2016 that exposed the personal information of 57 million people worldwide, including names, email addresses and phone numbers. It also included driver’s license information from about 600,000 American drivers. Two people accessed the information through “a third-party cloud-based service” used by Uber at the time. Uber, which is based in San Francisco, employs thousands of people worldwide who may have been affected by the hacker’s disruption of systems. The company has also come under fire for its treatment of drivers, whom it has fought to retain as contractors. The hacker was posted as Uber in a chat mode on HackerOne, which causes interference between researchers who report security vulnerabilities and the companies affected by them. Uber and other companies use this service to manage reports of security flaws in their programs and reward researchers who find them. What to do if you get hacked In a later interview on a messaging app, the alleged hacker told The Post that they had hacked the company for fun and might leak the source code “in a few months.” The person described Uber’s security as “awful.” Peiter “Mudge” Zatko’s journey from hacker to Twitter whistleblower Uber employees were taken aback by the sudden interruption to their workday, and some initially reacted to the alarming messages as if they were a joke, according to screenshots. The hacker’s ominous posts were met with backlash that apparently featured the SpongeBob character Mr. Krabs, the popular “It’s Happening” GIF, and questions about whether the situation was a hoax. “Sorry to be a stick in the mud, but I think IT would appreciate fewer memes while it handles the breach,” said one message seen by The Post.
