Uber (NYSE: UBER) disclosed that it is investigating a cybersecurity breach amid reports that the company had been hacked. The ride-hailing company’s operations are still down after an alleged 18-year-old hacker was able to access its network. Security experts are describing the incident as “a total compromise” of Uber’s internal systems.
“We are currently responding to a cybersecurity incident,” Uber said in a statement on Twitter. “We are in touch with law enforcement and will post additional updates here as they become available.”
Uber’s shares fell 5% on Friday following the news of the hack.
According to screenshots shared on Twitter, the hacker also gained access to Uber’s Amazon Web Services and Google Cloud accounts, as well as access to internal financial data. Uber has declined to comment on the matter beyond the statement it posted on Twitter.
“These types of social engineering attacks to gain a foothold within tech companies have been increasing,” said Rachel Tobac, chief executive of SocialProof Security. Tobac noted Twitter’s previous hack in 2020, where teens used social engineering to break into the company. Similarly, techniques were recently used to hack into Microsoft and Okta as well.
Though it has not been confirmed, cybersecurity researchers say reports indicate the hacker carried out hacking techniques in favor of social engineering. This happens when criminals use people’s inexperience to gain entry into corporate accounts and private data.
“This is a pretty low-bar to entry attack,” said Ian McShane, vice president of strategy at cybersecurity firm Arctic Wolf. “Given the access they claim to have gained, I’m surprised the attacker didn’t attempt to ransom or extort, it looks like they did it ‘for the lulz’.”
“It’s proof once again that often the weakest link in your security defenses is the human,” McShane added.