According to The New York Times, Uber was hacked and had to shut down its internal messaging system and engineering systems while it looked into the situation.
Employees were told not to access Slack, where the malicious user had posted a message that stated, "I proclaim I am a hacker and Uber has suffered a data breach," along with a number of emojis, before it was taken down, according to sources who spoke with the outlet.
The company acknowledged the breach in a tweet and stated that it is now in contact with law enforcement and is responding to a cybersecurity incident.
The company declined to clarify precisely what the hacker was able to access or whether user data was affected.
However, the Times says the hacker's Slack message also listed databases they claim they were able to infiltrate. And based on screenshots seen by The Washington Post, the bad actor boasted about being able to gather internal code and messaging data. An Uber spokesperson explained that the bad actor was able to post on the company Slack after compromising a worker's account. They then gained access to Uber's other internal systems and posted an explicit photo on an internal page.
Bug bounty hunter and security researcher Sam Curry tweeted information reportedly from an Uber employee that could be about that explicit photo.
Uber admitting the incident and getting in touch with authorities shortly after it happened is a massive departure from how it handled the data breach it suffered back in 2016. The company hid that attack for a year, and instead of reporting the incident, it paid the hackers $100,000 to delete the information they stole. Former Uber security chief Joseph Sullivan was fired and eventually charged with obstruction of justice for the role he played in the cover-up, though his lawyers argued that he was used as a scapegoat. In July this year, Uber settled with the Justice Department over its failure to disclose the breach.