Staff Laughed, But This Uber Hack Is Serious

Despite having access to tons of cash and the best possible resources, large companies seem to be especially vulnerable to cybercrime and large-scale data theft. There have been countless instances of large corporations falling victim to cyber fraud and data theft in the past. Over the past decade, massive billion-dollar corporations like Yahoo, eBay, Adobe, and Verizon have suffered from embarrassing data breaches. While these companies could be blamed for failing to adapt to newer challenges posed by the ever-changing security landscape, recent instances of large-scale data breaches seem to have befallen relatively newer and younger companies, too.

Popular social media platforms like Facebook, Twitter, Instagram, and Snapchat seem to be particularly vulnerable to such incidents — and so are popular food delivery and ride-sharing apps. Recent examples of such cybersecurity incidents include the data breach incident that affected Facebook last year — involving data belonging to more than 533 million Facebook users. In January 2022, Twitter confirmed that it was made aware of a security issue that could have potentially led to large-scale data theft.

The popular ride-sharing app Uber has also been the target of digital crime. The most notable among these dates back to 2016 — when hackers accessed private information belonging to more than 57 million Uber users and demanded a $100,000 ransom. Unfortunately, despite this much-publicized incident, Uber doesn't appear to have learned from its mistakes. The company is once again in the news after it confirmed another instance of a security breach.

Social engineering, hacking, or both

On September 16, 2022, Uber's official communications team tweeted that they were investigating a "cybersecurity incident" within the company. Uber's tweet was released after a set of social media posts pointed to a boastful individual claiming to have been behind a significant hack of Uber's digital defenses. Posts included screenshots from the official Uber Slack, showing the alleged hacker claiming that Uber had suffered a data breach and that the company was underpaying its drivers. Several Uber employees initially assumed the post was a joke and responded as such.

The alleged hacker also contacted mainstream news outlets to brag about their exploits. According to The New York Times, the hacker claimed they were an 18-year-old teen who believed that Uber had weak security protocols. 

This same individual also suggested that they gained access to Uber's internal communications systems using a social engineering "hack." The process involved the hacker fraudulently posing as a senior Uber executive and asking an Uber employee for a password to access Uber's systems.

In response to the incident, Uber asked its employees to stop using Slack and took its internal messaging channel offline. Other internal employee tools within Uber were also taken offline. The company's official reaction to the incident was that it had begun an internal investigation and that it was in touch with law enforcement agencies. The company continues to remain tight-lipped about the incident but maintains that it will have more to say in the days to come.