Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

The Uber hack is an outrageous tale of a teen hacking for fun

Uber suffered a serious breach of its system earlier this month, allowing the bad actor to wreak all sorts of havoc — from spamming the employee Slack chats with explicit imagery to defacing the internal websites and stealing sensitive media. The ride-sharing company has now released an updated statement, putting the blame on the infamous Lapsus$ hacking group.

The attack, and the subsequent announcement, were so brazen that some employees took it as a joke from one of their colleagues and responded to the hacker’s message with light-hearted emojis. The hacker revealed to The New York Times that he was an 18-year-old person. To further rub salt into Uber’s wounds, the cybercriminal told The Washington Post that he breached the company’s systems for fun and might leak the source code in the coming months.

Recommended Videos

https://twitter.com/GossiTheDog/status/1571467560826163200

The hacker in question, who goes by the alias “teapotuberhacker,” is also said to be the mastermind behind the massive GTA 6 leak that popped up a few days ago and rocked the entire video game industry. The hacker claims to have stolen sensitive material like game source codes from Rockstar’s systems, but in Uber’s case, the company claims that nothing of such severe magnitude happened.

Interestingly, young hackers appear to have a special kind of affinity for targeting Uber. Back in 2017, a 20-year-old Floridian reportedly stole personal data belonging to 57 million Uber users, but the company sat on the breach and only disclosed it a year later.

Lapsus$, or just teens raising hell?

Uber says it is currently in touch with the FBI and the U.S. Department of Justice to handle the situation moving ahead. Interestingly, the FBI recently issued a statement asking for public help in order to nab members of the notorious group. The plea came in the wake of high-profile security breaches targeting U.S. tech titans like T-Mobile, Microsoft, and Nvidia, among others.

It is believed that members of the group include a healthy bunch of teenagers, as per experts cited in a report published by The Washington Post. According to a BBC report, a duo of 16-year and 17-year-old were charged following an international investigation chasing cybercrime incidents. Prior to that, London’s police department had arrested seven troublemakers between the ages of 16 and 21 over similar Lapsus$-adjacent cyber crimes.

FBI public notice targeting lapsus group
Image used with permission by copyright holder

Per a Bloomberg report, the 16-year-old was reportedly the mastermind of the Lapsus$ group’s activities, and despite living in their mother’s apartment, they managed to amass a fortune worth about $14 million. In the past, the gang has also targeted Samsung, EA, Ubisoft, Vodafone, and Okta, among other recognizable names.

The group garnered widespread international attention after stealing the COVID-19 vaccination records of millions of citizens from the systems of Brazil’s Ministry of Health. Aside from stealing sensitive data, the group has been involved in cyber vandalism and website defacement. Experts told Forbes that the group recently engineered a DNS attack that redirected visitors of the target websites to pornographic sites.

What exactly happened at Uber?

The Uber hacker announced their accomplishment in a rather epic fashion. As per screenshots making rounds of social media, the bad actor posted a message in the employee Slack group claiming, “I am a hacker and uber has suffered a data breach.” The malicious party then proceeded to download Slack messages alongside details of an internal tool that is used to manage invoices.

Honestly kind of a classy way to hack someone 😂😂😂@Uber pic.twitter.com/fFUA5xb3wv

— Colton (@ColtonSeal) September 16, 2022

Days after the incident was first reported, Uber has now clarified that any sensitive user information such as account details, trip history, bank account numbers, and credit card details wasn’t stolen. Moreover, whatever vulnerabilities and bugs that were gleaned from Uber’s HackerOne dashboard have since been patched. Compromised employee accounts that paved the way for an alleged social engineering hack were either blocked or had their credentials reset.

To ensure that no further harm is done, Uber also locked the platform’s codebase and froze any further submissions, while also kickstarting a passkey rotation policy for its internal systems. Uber says it is currently working with “several leading digital forensics firms” to further investigate the security incident.

Nadeem Sarwar
Nadeem is a tech and science journalist who started reading about cool smartphone tech out of curiosity and soon started…
Uber says it’s investigating ‘cybersecurity incident’
An Uber App on a smartphone.

Computer systems belonging to ridesharing giant Uber appear to have been targeted by hackers in what could be a serious security breach. The company reported on Thursday evening that it had contacted law enforcement after learning of what it described as a “cybersecurity incident.”

In a tweet posted at about 9:30 p.m. ET, Uber said: “We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.”

Read more
The 5 most disturbing Uber Files revelations you need to know
An Uber sticker is visible in the window of a car.

Uber might well be synonymous with the app-based ride-hailing system, but the company’s history hasn’t exactly been a clean slate. From misogynistic jokes cracked by founder and former CEO Travis Kalanick and sabotaging rivals by booking fake rides, to misuse of a “God View” technology and underpaying drivers, Uber has had its fair share of scandals over the years.

Now, the company has courted possibly the most significant controversy in its history. Dubbed the Uber Files, British news agency The Guardian got access to a huge cache of 124,000 documents containing emails and text exchanges, internal presentations, briefing material, and memos that reveal a history of extremely worrying behavior and borderline criminal activities that Uber was involved in between 2013 and 2017.

Read more
Uber riders, dare to peek at this new data on the ridesharing app?
An Uber driver and rider.

If you’re an Uber rider, you can now drill down into the data that creates your overall rating on the ridesharing service, enabling you to see precisely how many 5-star scores drivers have given you. And how many 1-star scores, too.

The new feature, announced by Uber in a blog post on Wednesday, February 16, will hopefully provide reassurance that you’re a truly wonderful passenger, though it may give some riders pause for thought, too. And take note -- Uber brought in a system in 2019 that can lead to poorly rated passengers being banned from the ridesharing service.

Read more