Uber says it is in contact with law enforcement following reports of a significant data beach of its network. Credit: Magdalena Petrova/IDG Ride-hailing giant Uber has confirmed that it is responding to a cybersecurity incident as reports emerge that the firm has suffered a significant network data breach forcing it to shut down several internal communications and engineering systems.Attacker announces Uber breach through compromised Slack accountIn a statement on Twitter, Uber wrote “We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.” While details from the company were sparse at the time of writing, a report by the New York Times on Thursday claimed that a hacker was able to compromise an employee’s Slack account and used it to send a message to Uber employees announcing that the company had suffered a data breach.The report, which cited an Uber spokesperson, also claimed that the hacker posted, “I announce I am a hacker and Uber has suffered a data breach,” before listing several internal databases that were apparently compromised. The person claiming responsibility for the hack told the New York Times that they had sent a text message to an Uber employee claiming to be a corporate IT person, persuading them hand over a password that allowed the actor to gain access to Uber’s systems. According to a tweet by security researcher and bug bunty hunter Sam Curry, an anonymous Uber employee stated, “At Uber, we got an “URGENT” email from IT security saying to stop using Slack. Now anytime I request a website, I am taken to a REDACTED page with a pornographic image and the message “F*** you wankers.” Speaking to CSO, Jake Moore, global cyber security advisor at ESET, says, “The use of a simple social engineering hack via SMS to hack into their systems leaves Uber with not just embarrassment but questions on how much data was so easily accessible behind one simple compromise. Attackers should never be underestimated and those targeted must remain vigilant to such attacks. Therefore, personal data needs to be behind much stricter securities and must be protected the best it can be not only from insider threats but also relentless attackers looking for vulnerable staff.”Andy Swift, technical director of offensive security, Six Degrees, adds that internal systems are the soft underbelly of organizations, and the Uber incident just goes to show that even the most simplistic of techniques, if done correctly, can unpick an entire infrastructure with relative ease. “It’s why things like the concept of least privilege and focus on maintaining and reducing internal attack surfaces with a holistic view is so very important and getting big focus right now. Trying to get companies to think less about the security of individual systems in pigeonholes and have a more holistic view embedded into their security testing programs through the use of red/purple teaming engagements can really help pinpoint areas of weakness against the organization as a whole. As we have seen here, looking at it from this perspective is important in understanding an attacker’s view, and continuous testing – combined with strategic, planned improvement based on results – is vital.” CSO will follow this story and update as more details come to light. Related content news Administrator of ransomware operation LockBit named, charged, has assets frozen A Russian national alleged to have been the administrator of the notorious and prolific LockBit ransomware provider faces international charges. A $10-million reward for the suspect’s arrest has been offered. By Lucian Constantin May 07, 2024 3 mins Advanced Persistent Threats Hacker Groups Ransomware news US deploys commerce and communications against cyber threats, Blinken says The US government is moving to address the challenges of quantum computing, cloud strategies, and generative AI, Anthony Blinken said in a speech that was light on specifics. By Evan Schuman May 07, 2024 4 mins Cyberattacks Government Threat and Vulnerability Management news Change Healthcare went without cyber insurance before debilitating ransomware attack In doing so, Change exposed itself not just to greater financial risk, but reputational damage too. By John Leyden May 07, 2024 5 mins Data Breach Ransomware news Citrix quietly fixes a new critical vulnerability similar to Citrix Bleed Much similar to Citrix-Bleed, the information disclosure bug was identified within NetScaler devices configured as gateway or virtual servers. By Shweta Sharma May 07, 2024 3 mins Vulnerabilities PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe