Uber suffers 'cybersecurity incident' with hackers gaining access to internal systems and vulnerability reports

Uber is working with law enforcement after it became the latest company to fall victim to a cyber attack. Hackers were able to breach its internal systems and gain access to a range of data including emails, vulnerability reports, its HackerOne bug bounty program and more.

The attackers were also able to access Uber's Slack server, going as far as posting messaging to it. At the moment, it is not clear whether customer data has been exposed in the attack which seems to have come as the result of extracting passwords from an employee via social engineering.

See also:

• Microsoft issues patch for serious security vulnerability affecting everything from Windows 7 to Windows 11
• Microsoft introduces 'update under lock' so Microsoft 365 apps can be updated without user interruption
• Zoom reveals new logo and product name as part of its evolution into a communications platform

News of the security breach was first reported by the New York Times, and the hacker has shared screenshots of the Uber systems they were able to access, including with Bleeping Computer.

While it is not yet known whether user data has been accessed, the fact that the attacker was able to access Uber's HackerOne bug bounty program is extremely concerning. In gaining access to this data, the hacker will have been able to learn about other vulnerabilities that have been discovered with Uber's systems.

In a tweet from its public relations Twitter account, Uber confirmed that the security breach, but gave nothing in the way of detail:

The full extent of the security breach is not yet known, but more details should emerge in the coming days.

Image credit: itchaz.gmail.com / depositphotos