Skip to main content

Uber says ‘no evidence’ user accounts were compromised in hack

Uber says ‘no evidence’ user accounts were compromised in hack

/

An 18-year-old hacker gained administrator access to the company’s internal software systems

Share this story

Uber Comfort Electric is coming to more cities in North America.
Illustration by Alex Castro / The Verge

Uber says there is “no evidence” that any of its users’ private information was compromised in a breach of its internal computer systems discovered Thursday. All of the company’s products, including its ride-hail and Uber Eats food delivery services, are currently “operational,” and law enforcement has been notified, Uber said in a statement this afternoon.

The hack, which was discovered Thursday, forced the company to take several of its internal systems offline, including Slack, Amazon Web Services, and Google Cloud Platform. Uber is continuing to investigate how a hacker, who claims to be 18 years old, was able to gain administrator access to the company’s internal tools.

Those internal software tools were taken offline yesterday afternoon as “a precaution” and started to come back online earlier today, the company says.

The hacker announced themselves to Uber’s employees by posting a message on the company’s internal Slack system. “I announce I am a hacker and Uber has suffered a data breach,” screenshots of the message circulating on Twitter read. The alleged hacker then listed confidential company information they said they’d accessed and posted a hashtag saying that Uber underpays its drivers. 

The alleged hacker, who spoke to a reporter with The New York Times, claims to have received a password allowing access to Uber’s systems from an employee of the company whom he tricked by posing as a corporate IT official — a technique known as social engineering.

The company isn’t advising its users to make any proactive changes to their accounts at this time

Security experts consulted by the Times said the hack appeared to be a “total compromise” of Uber’s systems. But the company isn’t advising its users to make any proactive changes to their accounts at this time, like changing passwords, a spokesperson said.

This isn’t the first time Uber has fallen victim to hackers. The company was the target of a massive cybersecurity attack that took place in October 2016, exposing the confidential data of 57 million customers and drivers. Uber recently admitted to covering up the hack as part of a settlement with the US Department of Justice to avoid criminal prosecution.

Hackers used stolen credentials to access a private source code repository and obtain a proprietary access key, which they then used to access and copy large quantities of data associated with Uber’s users and drivers, including data pertaining to approximately 57 million user records with 600,000 driver’s license numbers. 

Joe Sullivan, Uber’s chief security officer at the time, was complicit in the cover-up and was later charged with obstruction of justice for trying to hide a data breach from the Federal Trade Commission and Uber management. Uber CEO Dara Khosrowshahi just took the stand in his trial, which started earlier this month.

Today’s Storystream

Feed refreshed 46 minutes ago The tablet didn’t call that play by itself

R
The Verge
Richard Lawler46 minutes ago
Green light.

Good morning to everyone, except for the intern or whoever prevented us from seeing how Microsoft’s Surface held up to yet another violent NFL incident.

Today’s big event is the crash of a NASA spaceship this evening — on purpose. Mary Beth Griggs can explain.


D
David Pierce51 minutes ago
Thousands and thousands of reasons people love Android.

“Android fans, what are the primary reasons why you will never ever switch to an iPhone?” That question led to almost 30,000 comments so far, and was for a while the most popular thing on Reddit. It’s a totally fascinating peek into the platform wars, and I’ve spent way too much time reading through it. I also laughed hard at “I can turn my text bubbles to any color I like.”


T
Youtube
Thomas Ricker7:29 AM UTC
Table breaks before Apple Watch Ultra’s sapphire glass.

”It’s the most rugged and capable Apple Watch yet,” said Apple at the launch of the Apple Watch Ultra (read The Verge review here). YouTuber TechRax put that claim to the test with a series of drop, scratch, and hammer tests. Takeaways: the titanium case will scratch with enough abuse, and that flat sapphire front crystal is tough — tougher than the table which cracks before the Ultra fails — but not indestructible.


E
Twitter
Emma RothSep 25
Rihanna’s headlining the Super Bowl Halftime Show.

Apple Music’s set to sponsor the Halftime Show next February, and it’s starting out strong with a performance from Rihanna. I honestly can’t remember which company sponsored the Halftime Show before Pepsi, so it’ll be nice to see how Apple handles the show for Super Bowl LVII.


E
Twitter
Emma RothSep 25
Starlink is growing.

The Elon Musk-owned satellite internet service, which covers all seven continents including Antarctica, has now made over 1 million user terminals. Musk has big plans for the service, which he hopes to expand to cruise ships, planes, and even school buses.

Musk recently said he’ll sidestep sanctions to activate the service in Iran, where the government put restrictions on communications due to mass protests. He followed through on his promise to bring Starlink to Ukraine at the start of Russia’s invasion, so we’ll have to wait and see if he manages to bring the service to Iran as well.


E
External Link
Emma RothSep 25
We might not get another Apple event this year.

While Apple was initially expected to hold an event to launch its rumored M2-equipped Macs and iPads in October, Bloomberg’s Mark Gurman predicts Apple will announce its new devices in a series of press releases, website updates, and media briefings instead.

I know that it probably takes a lot of work to put these polished events together, but if Apple does pass on it this year, I will kind of miss vibing to the livestream’s music and seeing all the new products get presented.


E
External Link
Emma RothSep 24
California Governor Gavin Newsom vetoes the state’s “BitLicense” law.

The bill, called the Digital Financial Assets Law, would establish a regulatory framework for companies that transact with cryptocurrency in the state, similar to New York’s BitLicense system. In a statement, Newsom says it’s “premature to lock a licensing structure” and that implementing such a program is a “costly undertaking:”

A more flexible approach is needed to ensure regulatory oversight can keep up with rapidly evolving technology and use cases, and is tailored with the proper tools to address trends and mitigate consumer harm.


A
The Verge
Andrew WebsterSep 24
Get ready for some Netflix news.

At 1PM ET today Netflix is streaming its second annual Tudum event, where you can expect to hear news about and see trailers from its biggest franchises, including The Witcher and Bridgerton. I’ll be covering the event live alongside my colleague Charles Pulliam-Moore, and you can also watch along at the link below. There will be lots of expected names during the stream, but I have my fingers crossed for a new season of Hemlock Grove.