Uber has reportedly said that there was no evidence that the hacker got access to sensitive user data. A recent report of a network breach forced the ride-hailing company to shut several internal communications and engineering systems.
Uber discovered the breach on Thursday and had taken several of its internal communications and engineering systems offline while it investigates the incident, according to a report by The New York Times, which broke the news of the breach.
The sole hacker behind the breach, who claims to be 18 years old, told the Times that he compromised Uber because the company had weak security. The attacker reportedly used social engineering to compromise an employee's Slack account, persuading them to hand over a password that allowed them access to Uber's systems. This has become a popular tactic in recent attacks against well-known companies, including Twilio, Mailchimp, and Okta.
The breach which was apparently caused by a lone hacker highlights an increasingly effective break-in routine involving social engineering. Screenshots that the hacker shared with security researchers indicated that they could obtain full access to the cloud-based systems.
According to a recent report by Associated Press, ride-hailing service Uber has said that there wasn't any evidence indicating that the hacker got access to sensitive user data.
The breach, which was seemingly caused by a single hacker, points to an effective break-in routine involving social engineering where the hacker gained access by posing as a colleague and tricking an Uber employee into disclosing their credentials.