American mobility service provider Uber’s computer network was breached on Thursday, and the company has now launched an investigation.
This hacking has led the company to take several of its internal communications and engineering systems offline, as it began its investigation.
The ride-hailing service company said it contacted law enforcement after the incident, first reported by the New York Times, after the hacker sent images of emails, cloud storage and code repositories.
Despite the hack, Uber’s fleet of vehicles and its operations remained unaffected.
Following the incident, employees at Uber were instructed to refrain from using the company’s internal messaging service, Slack.
Shortly before the Slack system was made offline on Thursday, Uber employees received a message that read, “I announce I am a hacker and Uber has suffered a data breach.”
However, this is not the first time Uber suffered a hack.
Back in 2016, the mobility service provider fell prey to hackers who exposed personal information of 57 million people from the world over.
Information included names, email addresses and phone numbers. Over 600,000 US-based drivers’ information were also revealed.
“The hacker compromised a worker’s Slack account and used it to send the message,” an Uber spokesman told the New York Times.
While the incident is undergoing investigation, it has also sparked concern among many globally, especially cybersecurity experts in the UAE.
“This is a salutary lesson for all organisations in just how important the basics of cybersecurity are,” BeyondTrust’s chief security strategist, EMEA & APAC, Brian Chappell told Arabian Business.
Chappell said: “You can have the best monitoring tools in the world but they won’t stop a breach. Getting the basics right offers the best chance of stopping a breach before it can cause any significant damage.”
“Technology alone as a solution is papering over the cracks. To fix the cracks you need people and process to change as well. People need training in new processes that complement the technology and deliver maximum return on the investment made,” he explained.
The Uber hacker, who claims to be 18 years old, was able to gain access to other internal systems after working on his cybersecurity skills for several years, the New York Times report said.
The hacker said he had broken into Uber’s systems because the company had weak security, the report added.
After appearing to have access to Uber source code, email and other internal systems, the hacker posted an explicit photo on an internal information page for employees.
“I am surprised that internal security systems did not pickup east – west traffic while the bad actor traversed the network looking for rich pickings (which they seem to have got in the form of confidential company information and source code),” Qualys’ chief technical security officer UK, Paul Baird told Arabian Business.
Baird added: “Uber needs to learn from this breach, bolster their IT and cyber security education and awareness programs, have or extend MFA and run a sanitisation exercise of systems to make sure scripts and documents sitting on internal systems don’t carry keys to the kingdom.”
Follow us on
