Uber: No indications that data was stolen in hack attack
The damage suffered by Uber in the hacking attack on its intranet seems limited so far. The company said in a statement Friday. The hacker would not have had access to user data, such as their travel history and other privacy-sensitive data.
Uber writes Friday that its services, including its eponymous taxi service and meal delivery service Uber Eats, are operational. The company is also using its software tools on the intranet again, which were taken offline on Thursday just to be safe. The company has not shared any details about the attack.
Bleeping Computer claims Friday that it has seen the hacker’s screenshots. Those screenshots allegedly show Uber’s intranet, including the Amazon Web Services console and the Google Workspace dashboard. The perpetrator would also have seen Uber’s bug bounty program. This suggests that he is aware of security vulnerabilities that the company may not have fixed yet.
The hack was publicly acknowledged by Uber on Thursday. The New York Times had spoken to a security researcher, who is said to be in contact with the 18-year-old hacker. The attacker claimed to have “full access” to internal Uber systems. He allegedly invaded the Uber intranet through social engineering. In addition to accessing the Uber-Slack, the attacker would also have access to source codes, email systems “and other internal systems.” This has not yet been confirmed by Uber itself.