Ride hailing app Uber has become the latest high-profile business to fall foul of hackers, with one of the company’s own employees thought to be the weak link.
The audacious hacker managed to not only get access to the tightly locked down system, but unveiled their presence to company employees by sharing an internal message saying: “I announce I am a hacker and Uber has suffered a data breach”. They also posted an explicit photograph on the company’s intranet.
Screengrabs of emails, cloud storage and code repositories were also taken and shared with US newspaper The New York Times – which has reported that the cybercriminal is just 18 years old.
Despite the hacker gaining an embarrassing level of access to Uber’s systems, it appears the organisation has so far escaped with only its reputation damaged. No personal data is thought to have been harvested or released, the hacker seemingly more interested in the notoriety.
Uber’s data has long been kept under strict lock and key; the app company having used white hack hackers and bug bounties to identify any potential weaknesses before they’re exploited by anyone with less-than-honourable intentions.
However, the weakness came not from its IT system but a company employee who was tricked into letting the hacker in.
As the BBC’s Joe Tidy explained: “The saying goes in cyber-security that ‘humans are the weakest link’, and once again this hack shows [it].”
In an update following the hack, Uber has maintained that it has seen “no evidence” that personal data (including trips taken) was accessed by the hacker, and that all the company’s services remain operational.
Whilst this will provide some succour for Uber users, analysts have noted that seeing “no evidence” is not quite the same as guaranteeing that data wasn’t accessed or downloaded. As such, many are keeping a close eye on what the company will announce in its coming updates.