SAN FRANCISCO — Uber said Thursday that it reached out to law enforcement after a hacker apparently breached its network. A security engineer said the intruder had provided evidence of obtaining access to crucial cloud systems at the ride-hailing service.
There was no indication that Uber’s fleet of vehicles or its operation was in any way affected.
“It looks as if they’ve compromised a whole lot of stuff,” said Sam Curry, an engineer with Yuga Labs who communicated with the hacker. That includes gaining full access to the Amazon and Google-hosted cloud environments where Uber stores its source code and customer data, he said.
Curry said he spoke to several Uber employees who said they were “working to lock down all the pieces internally” to restrict the hacker’s access. That included the company’s Slack internal messaging network, he said.
He said there was no indication that the hacker had done any damage or was interested in anything more than publicity. “My gut feeling is that it looks as if they’re out to get as much attention as possible.”
The hacker had alerted Curry and other security researchers to the intrusion by using an internal Uber account to comment on vulnerabilities they had previously identified on the company’s network through its bug-bounty program, which pays ethical hackers to identify vulnerabilities.
The hacker provided a Telegram account address, and Curry and other researchers then engaged them in a separate conversation, sharing screenshots of various pages from Uber’s cloud providers to prove they broke in.
The Associated Press tried to contact the hacker on the Telegram account where Curry and the other researchers chatted with them. But no one responded.
One screenshot posted on Twitter and confirmed by researchers shows a chat with the hacker in which they say they obtained the credentials of an administrative user and then used social engineering to access Uber’s internal network.
Uber said via email that it was “presently responding to a cybersecurity incident. We’re in contact with law enforcement.” It said it would provide updates on its Uber Comms Twitter feed.