The hacker who claimed responsibility reportedly claims to be just 18 years old and gained access to the ride-sharing giant’s internal networks by pretending to be an IT employee and asking for the password of an unnamed Uber employee. The alleged hacker disclosed the data breach in messages to The New York Times and cybersecurity researchers, the agency said. Uber employees learned the systems were breached after the hacker posted a brazen message on the company’s Slack messaging platform. “I am announcing that I am a hacker and Uber has suffered a data breach,” the message said. The hacker also reportedly posted that Uber drivers should be “compensated better for their work.” The hacker appeared to have gained complete control of Uber’s systems, Yuga Labs security engineer Sam Curry told The New York Times. “They have almost full access to Uber,” Curry said. “This is a total compromise, it seems.” The hacker reportedly mocked Uber employees by sharing on the company’s platforms. An employee told Fortune that the hacker posted a photo of an erect penis and the message “F— YOU DUMB WANKERS.” The hacker told The New York Times that he decided to breach Uber’s systems because the company has weak cybersecurity measures in place. Uber was forced to take many of its internal platforms offline after learning of the widespread data breach. “We are currently responding to a cybersecurity incident,” Uber said in a statement. “We are in contact with law enforcement and will post additional updates here as they become available.” Uber has yet to provide further details about the hack.Getty Images The alleged hacker posted screenshots purportedly from Uber’s internal systems on Telegram, and the images quickly spread on Twitter. When asked by The Post for further comment on the situation, an Uber spokesperson pointed to the company’s brief statement on Twitter. Uber said it is cooperating with law enforcement officials. Gado via Getty Images Kevin Reed, the head of information security at Acronis, said the hacker likely found “high-privileged credentials on a network file share and used them to access everything.” “The worst thing is that if you had your data on Uber, there is a good chance that so many people have access to it. Let’s say if they know your email, they might then know where you live,” Reed wrote on LinkedIn. “This specific hacker may not have penetrated the data, but there’s no way to know, and the whole story leads me to believe that Uber was hacked by other, less powerful parties.”
