Uber Responds to Breach After Hacker Claims Widespread Access

Uber Technologies Inc. UBER 0.24%▲ is responding to a cybersecurity breach after a hacker claimed to have gained widespread access to the company’s computer systems. 

“We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post any additional updates here as they become available,” a Twitter account for the ride-hailing company tweeted Thursday night. 

On Thursday a hacker, identified only by the Telegram handle Tea Pot, gained control of Uber’s account with HackerOne, a firm that helps companies work with security researchers, according to the company and researchers on the platform. The hacker provided security researchers with screenshots that appeared to show widespread access to a range of administrative accounts that manage Uber’s technology systems, including the company’s Amazon Web Services and Google clouds, as well as VMware systems, the researchers said.

If the hacker’s claims are true, the incident would represent a broad compromise for the company, said Robert Graham, a cybersecurity consultant. 

“It’s all of their IT information. And because they’re an IT company, it’s everything,” he said. 

Other than the HackerOne account compromise, The Wall Street Journal couldn’t verify Tea Pot’s other claims. 

“We got alerted to this promptly by our customer Uber,” said Marten Mickos, HackerOne’s chief executive, in a text message. “We locked access to their data in order to protect it. We have a team assisting them in their investigation.”

Tea Pot told Sam Curry, a security engineer who works for Yuga Labs, that they had tricked an Uber employee into granting them access to Uber’s virtual private network. Once on the network, the hacker was able to gain access to other credentials that provided more widespread access. 

Reached via Telegram late Thursday, Tea Pot claimed to be the hacker but didn’t respond to questions about the hack.

Uber’s latest cybersecurity problem comes a little over a week after a trial started over its former security chief’s role in responding to an earlier hack.

In 2016, Uber had a data breach that affected about 57 million records. Millions of riders’ names, emails and phone numbers were accessed, as were about 600,000 driver’s license numbers. A year later, Uber disclosed the breach and said it paid the hackers $100,000.

The company said at the time that it had fired its chief security officer and deputy for their roles in the company’s response to the breach. The security chief, Joe Sullivan, is now on trial, facing criminal obstruction charges for his role in paying the hackers. The trial started last week in U.S. District Court in San Francisco. 

Write to Robert McMillan at Robert.Mcmillan@wsj.com and Meghan Bobrowsky at Meghan.Bobrowsky@wsj.com

Appeared in the September 16, 2022, print edition as 'Uber Says It Was Hit By Cyber Incident'.