Technologies Inc. said Friday that its systems were working and it had no evidence that sensitive user data were involved in a security breach after a hacker claimed to have gained widespread access to the company’s computer systems.
The ride-sharing giant said that sensitive data like users’ trip history doesn’t seem to have been involved in the hack. It said all its services were operational and its internal systems, which it had shut down protectively, were coming back online.
“All of our services including
Freight, and the
Driver app are operational,” the company said in a tweet.
On Thursday, a hacker, identified only by the Telegram handle Tea Pot, gained control of
login at HackerOne, a firm that helps companies work with researchers to identify cybersecurity flaws, according to HackerOne users. The hacker provided researchers with screenshots that appeared to show widespread access to a range of administrative accounts that manage
technology systems, including the company’s Amazon Web Services and Google clouds, as well as
systems, the researchers said.
said on Friday that it had cut off employee access to Zoom, Slack and Gmail following the incident, but by Friday had restored the use of Zoom and Gmail.
Security experts who have talked to the hacker said the hacker claims to have tricked an Uber employee into granting them access to Uber’s virtual private network. Once on the network, the hacker was able to gain access to other credentials that provided more widespread access.
Uber’s latest cybersecurity problem comes a little over a week after a trial started over its former security chief’s role in responding to an earlier hack.
In 2016, Uber had a data breach during which hackers were able to download about 57 million records. Millions of riders’ names, emails and phone numbers were accessed, as were about 600,000 driver’s license numbers. A year later, Uber disclosed the breach and said it paid the hackers $100,000 as part of the company’s bug bounty program.
The company said at the time that it had fired its chief security officer and deputy for their roles in the company’s response to the breach. The security chief, Joe Sullivan, is now on trial, facing criminal obstruction charges for his role in concealing the incident from the Federal Trade Commission, which was investigating Uber at the time. The trial started last week in U.S. District Court in San Francisco.
Uber shares were down around 4% in midday trading Friday. Over the last 12 months, they have outperformed the broader market, falling around 21%, while the Nasdaq Composite index fell around 26%.
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8