Uber hack news: No evidence of sensitive user data loss, company claims

In this photo illustration, the Uber app is seen on an iPhone 13 Pro in Washington, DC. (Photo by Samuel Corum / AFP) (AFP)Premium
In this photo illustration, the Uber app is seen on an iPhone 13 Pro in Washington, DC. (Photo by Samuel Corum / AFP) (AFP)
 2 min read . Updated: 17 Sep 2022, 01:30 PM IST Edited By Sounak Mukhopadhyay

Uber has said that internal software tools that were taken offline yesterday as a precaution are now available again.

Listen to this article

There is no proof that the hacker had access to critical user data, according to Uber, which stated on September 16 that all of its services were operating following what security experts are calling a catastrophic data breach. The incursion, which was likely the result of a single hacker, highlighted a social engineering-based hacking approach that is growing more and more effective: The hacker succeeded in tricking an Uber employee into disclosing their login credentials by posing as a coworker.

In a statement posted online, Uber said “internal software tools that we took down as a precaution yesterday are coming back online".

Uber claimed that all of its services, such as Uber Eats and Uber Freight, were up and running and that it had contacted law enforcement. According to an email from the FBI, its support to Uber was ongoing and it was aware of the cyber incident affecting the company.

Uber denied that critical user data including trip histories had been accessed by the intrusive party, but did not respond to concerns from The Associated Press regarding whether the data was encrypted or not.

The potential harm of the hack was substantial: Security experts have photographs taken by the hacker that show their complete access to the cloud-based infrastructure that Uber uses to hold private consumer and financial data.

The amount of data the hacker stole and their length of stay within Uber's network are unknown. A person who self-identified as an 18-year-old to one of two researchers who spoke with them directly indicated they seemed interested in publicity. There was no evidence they deleted data.

However, documents provided to the researchers and extensively disseminated on Twitter and other social media platforms showed the hacker was able to get access to Uber's most important internal systems. Online feedback from the cybersecurity community was harsh.

The hacker sent screenshots, many of which were posted online, showing the access to internal systems and critical financial information. The hacker who disclosed the attack on Uber's internal Slack communication system is also widely known online.

(With agency inputs)

Catch all the Business News, Market News, Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.
More Less
Subscribe to Mint Newsletters
* Enter a valid email
* Thank you for subscribing to our newsletter.
Post your comment
RELATED STORIES

Uber says looking into 'cybersecurity incident' after report of network breach

Uber created economic value of 44,600 crore for India in 2021: Report

Premiu

Uber has no plans to quit mobility business: India head