Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Evening Standard
Evening Standard
Business
Simon Hunt

Uber hacked by teenager demanding higher pay for drivers

Uber secretly lobbied ministers to influence London’s transport policy, it has been reported (Laura Dale/PA)

(Picture: PA Archive)

Cybersecurity policies at Uber were called into question today after the ride-hailing app was forced to shut down its staff messaging service following a security breach on its computer network.

The hacker who claimed responsibility for the breach said he was 18 years old, according to the New York Times, and called for Uber drivers to receive higher pay. He claimed to have been able to access to the company’s email and cloud storage systems, and said the firm had weak security standards.

He was able to gain access to an Uber worker’s Slack account posing as an IT assistant and sent messages to Uber employees which read: “I announce that I am a hacker and Uber has suffered a data breach.”

Uber’s Slack system was taken offline as a result of the hack, with staff told the firm’s security workers “don’t have an estimate right now as to when full access to tools will be restored” in an internal email seen by the New York Times.

San Francisco-based Uber has faced criticism in the past for its handling of cybersecurity incidents. In 2016, the firm paid a $100,000 ransom to hackers to delete records of millions of driver and rider accounts stolen from the company. Uber’s security chief, Joe Sullivan, was fired by the company for his role in the debacle, and was charged with obstructing justice for keeping the security breach a secret for more than a year.

In a tweet, Uber said: “We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.”

In a statement to the Reuters news agency, Slack said it was investigating the incident and that there was no evidence of vulnerability on its network.

 Tim Callan, Chief Compliance Officer at security firm Sectigo, said: “Attacks like this are all too common. No matter how vigilant a company’s security culture is, these fundamental vulnerabilities will remain so long as traditional username-password credentials control access.”

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.