Is it to protest the drivers’ employment conditions? –

Uber (Uber) recently experienced a hack, and is now investigating the damage of the event. The company reported on its own initiative that it had experienced a “cyber security incident”, and that it had opened an investigation into the hack and had informed the police about it.

According to Uber’s statement, the company found no evidence that the hacker had access to “sensitive user data (such as trip history).”

However – according to the estimates and reports – the intruder, who apparently acted alone, definitely gained access to the internal systems of the shared travel and errand service.

GodNew York Times Contacted the hacker, and according to him he is only 18 years old. The hacker sent the newspaper proof of his access to the company’s systems, using images showing access to Uber’s e-mail, cloud storage services and source code. This information is also shared with security researchers.

Sam Curry, a security expert investigating the Uber failure, was also in contact with the hacker and confirmed to the Times that the hacker had “almost complete access to Uber.” According to Carey, the hacker may not know what to do with the access he has gained.

The fact that the hacker apparently has access to the internal systems of the travel sharing company raises concerns about sensitive information of the company itself on the one hand, and the data of its many users on the other, but the question of whether these were affected is still shrouded in fog now, three days after the disclosure of the breach.

The hack was discovered – due to the hacker’s message on Slack

The news about the security incident came in the form of a message published on the channelsSlack (Slack) of Uber – used as an internal communication platform between employees – where the hacker apparently reported that the company had been affected by a data breach.

According to two anonymous Uber employees, the company has taken its Slack channels offline, and other internal systems are also no longer accessible. The company claims that its internal systems are back online.

According to Carey, as reported by the Journal, the hacker tricked an Uber employee to gain access to the company’s internal network and after entering them, the hacker was able to obtain other credentials that would allow him to expand his access further.

Uber acknowledged the breach of its systems security but assured that it had no indications that its vehicle fleet, customers or payment data were affected by the incident.

In a recent update published by the company, it was stated: “We have no evidence that the incident involved access to sensitive user data (such as travel history). All of our services including Uber, Uber Eats, Uber Freight and the Uber Driver app are working.”

The motives for the hack are unclear. The hacker also spoke with theWashington Post, Lu said that the attack was “for fun”. He also claimed that “in a few months” he may start publishing the source code he has.

The identity of the hacker is unknown, andWall Street Journal Claims that his nickname on Telegram is ‘tea pot(Tea Pot). It was also reported that the hacker broke into Uber to demonstrate its weak security, according to his words to the Times. However, in a message sent to Uber employees on Slack, the hacker added things that may point to another reason behind the hack – the unfair wages and employment conditions of Uber drivers.

Still dealing with past security failures

It should be noted that these very days, against the background of the new hack, Uber is busy dealing with painful security failures from the past.

The company’s CEO, Dera Kosarshahi, said last Friday that he does not trust the company’s former head of security, Joe Sullivanafter investigating a data breach experienced by the company in 2016.

The words were said on Friday while testifying in Sullivan’s criminal trial. Kosarshahi also said that Sullivan omitted critical information from him about the extent of the data breach in 2016, a serious security incident that involved the breach of data of about 57 million passengers and drivers, which hackers got their hands on.

“I decided to fire Joe because he was my chief security officer and I could no longer trust his judgment as my employee,” Kosarshahi told the court. According to him, Sullivan omitted certain facts from the email summarizing what happened, which he sent to the CEO regarding the incident. For example, he did not inform his boss of the data on how many passengers and drivers were affected by the hack, the type of information taken and the data downloaded by the hackers, according to Kosarshahi.

The Uber CEO also testified that Sullivan did not tell him that Uber had paid the hackers $100,000, and said that Sullivan’s summation led him to assume that only one person hacked the server, and that that person was paid only after Uber realized his identity. According to Kosarshahi, he learned the large scale of the hack. Only after he launched an independent investigation into the matter.