Tech

Uber Says Security Breach Didn’t Involve Access to Sensitive User Data

0


Uber


UBER -3.62%

Technologies Inc. said Friday that its systems were working and it had no evidence that sensitive user data were involved in a security breach after a hacker claimed to have gained widespread access to the company’s computer systems.

The ride-sharing giant said that sensitive data like users’ trip history doesn’t seem to have been involved in the hack. It said all its services were operational and its internal systems, which it had shut down protectively, were coming back online.

“All of our services including

Uber,


UBER -3.62%

Uber

Eats,

Uber

Freight, and the

Uber

Driver app are operational,” the company said in a tweet.

On Thursday, a hacker, identified only by the Telegram handle Tea Pot, gained control of

Uber’s

login at HackerOne, a firm that helps companies work with researchers to identify cybersecurity flaws, according to HackerOne users. The hacker provided researchers with screenshots that appeared to show widespread access to a range of administrative accounts that manage

Uber’s

technology systems, including the company’s Amazon Web Services and Google clouds, as well as

VMware Inc.’s

systems, the researchers said.

Uber

said on Friday that it had cut off employee access to Zoom, Slack and Gmail following the incident, but by Friday had restored the use of Zoom and Gmail.

Security experts who have talked to the hacker said the hacker claims to have tricked an Uber employee into granting them access to Uber’s virtual private network. Once on the network, the hacker was able to gain access to other credentials that provided more widespread access.

Uber’s latest cybersecurity problem comes a little over a week after a trial started over its former security chief’s role in responding to an earlier hack.

In 2016, Uber had a data breach during which hackers were able to download about 57 million records. Millions of riders’ names, emails and phone numbers were accessed, as were about 600,000 driver’s license numbers. A year later, Uber disclosed the breach and said it paid the hackers $100,000 as part of the company’s bug bounty program.

The company said at the time that it had fired its chief security officer and deputy for their roles in the company’s response to the breach. The security chief, Joe Sullivan, is now on trial, facing criminal obstruction charges for his role in concealing the incident from the Federal Trade Commission, which was investigating Uber at the time. The trial started last week in U.S. District Court in San Francisco.

Uber shares were down around 4% in midday trading Friday. Over the last 12 months, they have outperformed the broader market, falling around 21%, while the Nasdaq Composite index fell around 26%.

After enduring the pandemic, ride-share companies like Uber and Lyft are now facing a new world of high inflation, driver shortages, and dwindling passenger numbers. WSJ’s George Downs explains what they’re doing to try and survive. Illustration: George Downs

Write to Robert McMillan at [email protected] and Meghan Bobrowsky at [email protected]

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8



routershake

Xiaomi 12T, Xiaomi 12T Pro Price, Specifications Leaked Online Ahead of Launch: Report

Previous article

Banning Gas Cars Is Good, but It’ll Take More to Save the Planet

Next article

You may also like

Comments

Leave a reply

Your email address will not be published.

More in Tech