“They pretty much have full access to Uber,” Sam Curry, a security engineer at Yuga Labs, told The New York Times. “This is a total compromise, from what it looks like.” He announced his presence in the system by sending a message to Uber employees on Slack. The company’s Slack system was taken offline, and employees were unable to access other internal systems. Uber has contacted law enforcement officials and is launching an investigation.
The person responsible for the attack sent screenshots of Uber’s internal systems to The New York Times to prove his culpability. He stated that he had been honing his cybersecurity skills for years and that Uber has weak security, which allowed him to gain access. He also stated that he believed Uber drivers should be paid more.
Uber stated Friday that there is currently no evidence that user accounts were compromised.