This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.bbc.co.uk/news/technology-62925047
Version 0 | Version 1 |
---|---|
Uber investigating hack on its computer systems | Uber investigating hack on its computer systems |
(about 8 hours later) | |
Uber's computer network has been hacked. | Uber's computer network has been hacked. |
The ride-hailing company said it was investigating after several internal communications and engineering systems had been compromised. | The ride-hailing company said it was investigating after several internal communications and engineering systems had been compromised. |
The New York Times first reported the breach after the hacker sent images of email, cloud storage and code repositories to the newspaper. | The New York Times first reported the breach after the hacker sent images of email, cloud storage and code repositories to the newspaper. |
Uber staff were told not to use the workplace messaging app Slack, the report said, quoting two employees. | Uber staff were told not to use the workplace messaging app Slack, the report said, quoting two employees. |
Shortly before the Slack system was taken offline, Uber employees received a message that read: "I announce I am a hacker and Uber has suffered a data breach." | Shortly before the Slack system was taken offline, Uber employees received a message that read: "I announce I am a hacker and Uber has suffered a data breach." |
It appeared that the hacker was later able to gain access to other internal systems, posting an explicit photo on an internal information page for employees. | It appeared that the hacker was later able to gain access to other internal systems, posting an explicit photo on an internal information page for employees. |
Uber said it was in touch with authorities about the breach. | Uber said it was in touch with authorities about the breach. |
We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available. | We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available. |
There has been no indication that Uber's fleet of vehicles, its customers or payment data have been affected by the hack. | There has been no indication that Uber's fleet of vehicles, its customers or payment data have been affected by the hack. |
Bug bounty hunters | Bug bounty hunters |
Uber pays a subscription fee to HackerOne, a bug bounty platform based in California. Bug bounty programs are used by a lot of big businesses - essentially they pay ethical hackers to identify bugs. | Uber pays a subscription fee to HackerOne, a bug bounty platform based in California. Bug bounty programs are used by a lot of big businesses - essentially they pay ethical hackers to identify bugs. |
Sam Curry, one of the bug bounty hunters, communicated with the Uber hacker. "It seems like they've compromised a lot of stuff," he said. | Sam Curry, one of the bug bounty hunters, communicated with the Uber hacker. "It seems like they've compromised a lot of stuff," he said. |
Mr Curry said he spoke to several Uber employees, who said they were "working to lock down everything internally" to restrict the hacker's access. | Mr Curry said he spoke to several Uber employees, who said they were "working to lock down everything internally" to restrict the hacker's access. |
He said there was no indication that the hacker had done any damage or was interested in anything more than publicity. | He said there was no indication that the hacker had done any damage or was interested in anything more than publicity. |
Chris Evans, chief hacking officer for HackerOne, told the BBC: "We're in close contact with Uber's security team, have locked their data down, and will continue to assist with their investigation." | Chris Evans, chief hacking officer for HackerOne, told the BBC: "We're in close contact with Uber's security team, have locked their data down, and will continue to assist with their investigation." |
Who is responsible? | Who is responsible? |
The BBC has seen messages from someone who claims that various Uber admin accounts are under their control. | The BBC has seen messages from someone who claims that various Uber admin accounts are under their control. |
The New York Times reports the hacker is 18 years old, has been working on his cyber-security skills for several years and hacked the Uber systems because "they had weak security". | The New York Times reports the hacker is 18 years old, has been working on his cyber-security skills for several years and hacked the Uber systems because "they had weak security". |
In the Slack message that announced the breach, the person also said Uber drivers should receive higher pay. | In the Slack message that announced the breach, the person also said Uber drivers should receive higher pay. |
The saying goes in cyber-security that "humans are the weakest link", and once again this hack shows that it was an employee being fooled that let the criminals in. | The saying goes in cyber-security that "humans are the weakest link", and once again this hack shows that it was an employee being fooled that let the criminals in. |
Although the saying is true, it's also extremely unkind. | Although the saying is true, it's also extremely unkind. |
The fuller picture emerging here shows that this hacker was highly skilled and highly motivated. | The fuller picture emerging here shows that this hacker was highly skilled and highly motivated. |
As we saw with recent breaches of Okta, Microsoft and Twitter, young hackers with plenty of time on their hands and a devil-may-care attitude can persuade even the most careful employees into making cyber-security mistakes. | As we saw with recent breaches of Okta, Microsoft and Twitter, young hackers with plenty of time on their hands and a devil-may-care attitude can persuade even the most careful employees into making cyber-security mistakes. |
This form of hacking through social engineering is even older than computers themselves - just ask infamous former hacker Kevin Mitnick, who was sweet-talking his way around telephone networks back in the 70s. | This form of hacking through social engineering is even older than computers themselves - just ask infamous former hacker Kevin Mitnick, who was sweet-talking his way around telephone networks back in the 70s. |
The difference today is that hackers are able to combine the gift of the gab with very sophisticated and easy-to-use software to make their job even easier. | The difference today is that hackers are able to combine the gift of the gab with very sophisticated and easy-to-use software to make their job even easier. |