The Uber hack is an outrageous tale of a teen hacking for fun

Uber suffered a serious breach of its system earlier this month, allowing the bad actor to wreak all sorts of havoc — from spamming the employee Slack chats with explicit imagery to defacing the internal websites and stealing sensitive media. The ride-sharing company has now released an updated statement, putting the blame on the infamous Lapsus$ hacking group.

The attack, and the subsequent announcement, were so brazen that some employees took it as a joke from one of their colleagues and responded to the hacker’s message with light-hearted emojis. The hacker revealed to The New York Times that he was 18 years old. To further rub salt into Uber’s wounds, the cybercriminal told The Washington Post that he breached the company’s systems for fun and might leak the source code in the coming months.

https://twitter.com/GossiTheDog/status/1571467560826163200

The hacker in question, who goes by the alias “teapotuberhacker,” is also said to be the mastermind behind the massive GTA 6 leak that popped up a few days ago and rocked the entire video game industry. The hacker claims to have stolen sensitive material like game source code from Rockstar’s systems, but in Uber’s case, the company claims that nothing of such severe magnitude happened.

Interestingly, young hackers appear to have a special kind of affinity for targeting Uber. Back in 2017, a 20-year-old Floridian reportedly stole personal data belonging to 57 million Uber users, but the company sat on the breach and only disclosed it a year later.

Lapsus$, or just teens raising hell?

Uber says it is currently in touch with the FBI and the U.S. Department of Justice to handle the situation moving ahead. Interestingly, the FBI recently issued a statement asking for public help in order to nab members of the notorious group. The plea came in the wake of high-profile security breaches targeting U.S. tech titans like T-Mobile, Microsoft, and Nvidia, among others.

It is believed that members of the group include a healthy bunch of teenagers, as per experts cited in a report published by The Washington Post. According to a BBC report, a 16-year-old and a 17-year-old were charged following an international investigation chasing cybercrime incidents. Prior to that, London’s police department had arrested seven troublemakers between the ages of 16 and 21 over similar Lapsus$-adjacent cybercrimes.

FBI public notice targeting lapsus group

Per a Bloomberg report, the 16-year-old was reportedly the mastermind of the Lapsus$ group’s activities, and despite living in their mother’s apartment, they managed to amass a fortune worth about $14 million. In the past, the gang has also targeted Samsung, EA, Ubisoft, Vodafone, and Okta, among other recognizable names.

The group garnered widespread international attention after stealing the COVID-19 vaccination records of millions of citizens from the systems of Brazil’s Ministry of Health. Aside from stealing sensitive data, the group has been involved in cyber vandalism and website defacement. Experts told Forbes that the group recently engineered a DNS attack that redirected visitors of the target websites to pornographic sites.

What exactly happened at Uber?

The Uber hacker announced their accomplishment in a rather epic fashion. As per screenshots making the rounds on social media, the bad actor posted a message in the employee Slack group claiming, “I am a hacker and uber has suffered a data breach.” The malicious party then proceeded to download Slack messages alongside details of an internal tool that is used to manage invoices.

Honestly kind of a classy way to hack someone 😂😂😂@Uber pic.twitter.com/fFUA5xb3wv

— Colton (@ColtonSeal) September 16, 2022

Days after the incident was first reported, Uber has now clarified that no sensitive user information, such as account details, trip history, bank account numbers, and credit card details, was stolen. Moreover, whatever vulnerabilities and bugs were gleaned from Uber’s HackerOne dashboard have since been patched. Compromised employee accounts that paved the way for an alleged social engineering hack were either blocked or had their credentials reset.

To ensure that no further harm is done, Uber also locked the platform’s codebase and froze any further submissions, while also kickstarting a passkey rotation policy for its internal systems. Uber says it is currently working with “several leading digital forensics firms” to further investigate the security incident.

Nadeem Sarwar