It’s currently unclear how many people were impacted by the security breach, whether they were customers or employees, or specifically what information was compromised. However, it reportedly prompted Uber to instruct employees not to use the company’s Slack, and to disable some engineering systems.
In a statement to Mashable, Uber acknowledged that it is “currently responding to a cybersecurity incident” and has contacted law enforcement, but declined to comment further at this time.
It’s also currently unclear exactly how long Uber’s computer network was compromised. Uber allegedly only became aware of the security breach on Thursday afternoon after employees were explicitly notified by the hacker themselves. Had they not done so, it’s possible they could have remained undetected.
“I announce I am a hacker and Uber has suffered a data breach,” the hacker wrote in a message sent via an employee’s compromised Slack account.
The message included a list of internal databases the hacker claimed to have accessed, with at least some of their claims proven by an explicit photo reportedly left on an internal employee information page.
Data breaches are an unfortunate constant in our digitised world, with a new one seemingly announced every week. As such, how companies respond to these breaches is incredibly important — and Uber’s history has been less than stellar.
In 2016, Uber was the subject of an enormous, high-profile data breach which impacted 57 million people throughout the globe. However, rather than immediately disclosing this breach, the company opted to cover it up, paying a $100,000 ransom to the hackers so they’d delete the compromised data. Uber’s then-Chief Security Officer Joe Sullivan was fired over the incident and is currently facing criminal charges, with all these details only coming to light due to legal obligations.
Uber’s executive team has seen other significant changes since this incident as well, with current CEO Dara Khosrowshahi succeeding founder Travis Kalanick in 2017. Hopefully this combined with the lessons learned in 2016 have at least improved the company’s security response.