Uber says there is “no evidence” that its users’ private information has been compromised in a breach of its internal computer systems discovered Thursday.
All of the company’s products, including its Uber Eats ride-sharing and food delivery services, are currently “operational” and law enforcement has been notified, Uber said in a statement this afternoon.
The attack forced the company to take several of its internal systems offline, including Slack, Amazon Web Services, and Google Cloud Platform. Uber continues to investigate how a hacker, who claims to be 18 years old, was able to gain administrator access to the company’s internal tools.
Those internal software tools went offline yesterday afternoon as a “precaution” and began coming back online today, the company says.
The hacker announced himself to Uber employees by posting a message on the company’s internal Slack system.
“I announce that I am a hacker and Uber has suffered a data breach,” reads circulated on Twitter.
The alleged hacker listed sensitive company information he said he had accessed and posted a hashtag saying that Uber underpays its drivers.
The hacker, who spoke with , claims to have received a password that allows access to Uber’s systems from a company employee whom he tricked into posing as a corporate official, a technique known as social engineering.
Security experts consulted by the Times said the attack appeared to be a “total compromise” of Uber’s systems. But the company is not advising its users to make any proactive changes to their accounts at this time, such as changing passwords, a spokesperson said.
