Uber has launched an investigation after a hacker claimed to have breached many of the ride sharing giant’s systems.
The company has not shared any information, but it has confirmed that it’s responding to a cybersecurity incident. Uber says law enforcement has been notified and it has promised to share updates on Twitter.
One individual has taken credit for the attack. He has posted several screenshots and talked to members of the cybersecurity community and the media to demonstrate his claims. Some Uber employees have also apparently confirmed that the company’s systems have been breached.
The hacker told The New York Times he is 18 years old and that he used SMS phishing to trick an Uber employee into handing over their credentials. He said he has been working on his cybersecurity skills for years.
This is not the first time Uber has been breached. In 2016, the details of 57 million riders and drivers were taken from the company’s systems by two individuals living in the United States and Canada.
The company recently reached a settlement with federal investigators over its efforts to cover up the 2016 breach, but Uber’s then-CSO, Joe Sullivan, is facing a trial over his alleged role in the cover-up, which included paying the attackers $100,000 through its bug bounty program to destroy the stolen data and make it look like the breach had a smaller impact.
Writing by Tersoo Nicholas, Editing by Omotola Oguneye