The Uber hack is an outrageous tale of a teen hacking for fun

Uber suffered a serious breach of its system earlier this month, allowing the bad actor to wreak all sorts of havoc — from spamming the employee Slack chats with explicit imagery to defacing the internal websites and stealing sensitive media. The ride-sharing company has now released an updated statement, putting the blame on the infamous Lapsus$ hacking group.

The attack, and the subsequent announcement, were so brazen that some employees took it as a joke from one of their colleagues and responded to the hacker’s message with light-hearted emojis. The hacker told The New York Times that he was 18 years old. To further rub salt into Uber’s wounds, the cybercriminal told The Washington Post that he breached the company’s systems for fun and might leak the source code in the coming months.

Post where the leaker directly links themselves to Uber hack. I’ve removed all the screenshots of system access (which you may spot a familiarity with from incidents earlier this year).

— Kevin Beaumont (@GossiTheDog) September 18, 2022

The hacker in question, who goes by the alias “teapotuberhacker,” is also said to be the mastermind behind the massive GTA 6 leak that popped up a few days ago and rocked the entire video game industry. The hacker claims to have stolen sensitive material like game source code from Rockstar’s systems, but in Uber’s case, the company claims that nothing of such severe magnitude happened.

Interestingly, young hackers appear to have a special kind of affinity for targeting Uber. Back in 2017, a 20-year-old Floridian reportedly stole personal data belonging to 57 million Uber users, but the company sat on the breach and only disclosed it a year later.

Lapsus$, or just teens raising hell?

Uber says it is currently in touch with the FBI and the U.S. Department of Justice to handle the situation moving ahead. Interestingly, the FBI recently issued a statement asking for public help in order to nab members of the notorious group. The plea came in the wake of high-profile security breaches targeting U.S. tech titans like T-Mobile, Microsoft, and Nvidia, among others.

Experts cited in a report published by The Washington Post believe that the group’s members include a healthy bunch of teenagers. According to a BBC report, a 16-year-old and a 17-year-old were charged following an international investigation into cybercrime incidents. Prior to that, London’s police department had arrested seven troublemakers between the ages of 16 and 21 over similar Lapsus$-adjacent cyber crimes.

FBI public notice targeting lapsus group

Per a Bloomberg report, the 16-year-old was reportedly the mastermind of the Lapsus$ group’s activities, and despite living in their mother’s apartment, they managed to amass a fortune worth about $14 million. In the past, the gang has also targeted Samsung, EA, Ubisoft, Vodafone, and Okta, among other recognizable names.

The group garnered widespread international attention after stealing the COVID-19 vaccination records of millions of citizens from the systems of Brazil’s Ministry of Health. Aside from stealing sensitive data, the group has been involved in cyber vandalism and website defacement. Experts told Forbes that the group recently engineered a DNS attack that redirected visitors of the target websites to pornographic sites.

What exactly happened at Uber?

The Uber hacker announced their accomplishment in a rather epic fashion. As per screenshots making the rounds on social media, the bad actor posted a message in the employee Slack group claiming, “I am a hacker and uber has suffered a data breach.” The malicious party then proceeded to download Slack messages alongside details of an internal tool that is used to manage invoices.

Honestly kind of a classy way to hack someone 😂😂😂@Uber

— Colton (@ColtonSeal) September 16, 2022

Days after the incident was first reported, Uber has now clarified that no sensitive user information such as account details, trip history, bank account numbers, and credit card details was stolen. Moreover, whatever vulnerabilities and bugs were gleaned from Uber’s HackerOne dashboard have since been patched. Compromised employee accounts that paved the way for an alleged social engineering hack were either blocked or had their credentials reset.

To ensure that no further harm is done, Uber also locked the platform’s codebase and froze any further submissions, while also kickstarting a passkey rotation policy for its internal systems. Uber says it is currently working with “several leading digital forensics firms” to further investigate the security incident.

Nadeem Sarwar
Nadeem is a tech journalist who started reading about cool smartphone tech out of curiosity and soon started writing…