Share this article on:
“I announce I am a hacker and Uber has suffered a data breach,” the message to Uber’s Slack read, alerting the company to the breach.
“Slack has been stolen, confidential data with Confluence, stash and 2 monorepos from phabricator have also been stolen, along with secrets from sneakers,” the post from Nwave, the company’s hacker, continued.
It was revealed last week that ridesharing platform Uber had suffered a data breach, reportedly not having realised the hack until the infiltrator exposed their exploits on the company Slack.
Leaked screenshots appear to demonstrate the extent of the hack, which allegedly include access to the company’s Amazon Web Services account.
Speaking to The New York Times, the hacker revealed that they are just 18 years old and gained access into Uber’s internal systems through a social engineering exploit that targeted one of the company’s employees.
Despite taking control of the company’s slack and flaunting their exploits, many of the company’s staff thought the message to be a joke. Leaks from Uber employees detailed how many continued to interact with the hacker.
Sam Curry of Yuga Labs took to Twitter to detail some of the leaks that he had heard from within the company.
“At Uber, we got an ‘URGENT’ email from IT security saying to stop using Slack. Now anytime I request a website, I am taken to a REDACTED page with a pornographic image and the message ‘F*** you wankers’,” he tweeted.
“Instead of doing anything, a good portion of the staff was interacting and mocking the hacker thinking someone was playing a joke. After being told to stop going on slack, people kept going on for the jokes. Lmao.”
The hack is the latest instalment in a worrying phishing trend, where employees intentionally engage with malicious users despite the advice of IT and cyber security teams.