A hacker claiming to be 18 has posted screenshots taken from inside Uber computers
San Francisco (AFP) – Uber said Friday it is investigating a “cyber security incident,” declining to comment on reports that a young hacker gained access to the carrier’s computer network.
Uber spread word about the hack late Thursday in a tweet, and an 18-year-old hacker claimed to be posting screenshots taken from inside Uber computers.
“He says he simply — having already set a valid username and password — tricked an Uber employee into giving him access to internal systems,” Graham Cluley, an independent cybersecurity analyst, said on his website.
Online comments purportedly from the hacker indicated that he targeted an Uber employee with more than an hour’s notice, then contacted the worker via WhatsApp claiming to be a member of the company’s technical support team.
“Perhaps many other companies are at risk of falling for a similar scam,” Cluley said.
Uber said on Friday that all of its services were operating and that it had “no evidence that the incident was related to access to sensitive data” such as users’ flight history.
The San Francisco-based company added that employee software tools have been closed as a precaution.
“There is a reason cybersecurity experts say that humans are often the weakest link,” said Ray Kelly, a fellow at Synopsys Software Integrity Group in Silicon Valley.
“Whether it’s phishing/SMS attacks or a simple phone call to get an employee to give up their credentials, ‘social engineering’ will be the easiest route for a malicious actor.”