ON THURSDAY EVENING, ride-share giant Uber confirmed that it was responding to “a cybersecurity incident” and was contacting law enforcement about the breach. An entity that claims to be an individual 18-year-old hacker took responsibility for the attack, bragging to multiple security researchers about the steps they took to breach the company. The attacker reportedly posted,
“Hi @here I announce I am a hacker and Uber has suffered a data breach,”
in a channel on Uber's Slack on Thursday night. The Slack post also listed a number of Uber databases and cloud services that the hacker claimed to have breached. The message reportedly concluded with the sign-off, “uberunderpaisdrives.”
Uber pointed to its tweeted statement when asked for comment on the matter. In an update Friday, the company said its investigation was ongoing, and services such as Uber and Uber Eats — and the company’s driver app — were working. It said the software tools that Uber disabled “as a precaution” were coming back online.
“We have no evidence that the incident involved access to sensitive user data (like trip history),”
the company wrote.
The hacker appears to have made themselves known to Uber’s employees by posting a message on the company’s internal Slack system. “I announce I am a hacker and Uber has suffered a data breach,” screenshots of the message circulating on Twitter read.
The claimed hacker then listed confidential company information they said they’d accessed, and posted a hashtag saying that Uber underpays its drivers.