Uber
UBER -3.46%
Technologies Inc. said Friday that its systems were working and it had no evidence that sensitive user data were involved in a security breach after a hacker claimed to have gained widespread access to the company’s computer systems.
The ride-sharing giant said that sensitive data like users’ trip history doesn’t seem to have been involved in the hack. It said all its services were operational and its internal systems, which it had shut down protectively, were coming back online.
“All of our services including
Uber,
UBER -3.46%
Uber
Eats,
Uber
Freight, and the
Uber
Driver app are operational,” the company said in a tweet.
On Thursday, a hacker, identified only by the Telegram handle Tea Pot, gained control of
Uber’s
login at HackerOne, a firm that helps companies work with researchers to identify cybersecurity flaws, according to HackerOne users. The hacker provided researchers with screenshots that appeared to show widespread access to a range of administrative accounts that manage
Uber’s
technology systems, including the company’s Amazon Web Services and Google clouds, as well as
VMware Inc.’s
systems, the researchers said.
Uber
said on Friday that it had cut off employee access to Zoom, Slack and Gmail following the incident, but by Friday had restored the use of Zoom and Gmail.
Security experts who have talked to the hacker said the hacker claims to have tricked an Uber employee into granting them access to Uber’s virtual private network. Once on the network, the hacker was able to gain access to other credentials that provided more widespread access.
Uber’s latest cybersecurity problem comes a little over a week after a trial started over its former security chief’s role in responding to an earlier hack.
In 2016, Uber had a data breach during which hackers were able to download about 57 million records. Millions of riders’ names, emails and phone numbers were accessed, as were about 600,000 driver’s license numbers. A year later, Uber disclosed the breach and said it paid the hackers $100,000 as part of the company’s bug bounty program.
The company said at the time that it had fired its chief security officer and deputy for their roles in the company’s response to the breach. The security chief, Joe Sullivan, is now on trial, facing criminal obstruction charges for his role in concealing the incident from the Federal Trade Commission, which was investigating Uber at the time. The trial started last week in U.S. District Court in San Francisco.
Uber shares were down around 4% in midday trading Friday. Over the last 12 months, they have outperformed the broader market, falling around 21%, while the Nasdaq Composite index fell around 26%.
Write to Robert McMillan at Robert.Mcmillan@wsj.com and Meghan Bobrowsky at Meghan.Bobrowsky@wsj.com
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.