Skip to main content

Uber says it’s investigating ‘cybersecurity incident’

Computer systems belonging to ridesharing giant Uber appear to have been targeted by hackers in what could be a serious security breach. The company reported on Thursday evening that it had contacted law enforcement after learning of what it described as a “cybersecurity incident.”

In a tweet posted at about 9:30 p.m. ET, Uber said: “We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.”

Recommended Videos

We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.

— Uber Comms (@Uber_Comms) September 16, 2022

A New York Times report said that as soon as Uber learned of Thursday’s breach, the company took a number of its internal computer systems offline while it tried to determine exactly what had happened.

According to the NYT, workers at Uber offices received a message via the company’s internal messaging system with the ominous notice: “I announce I am a hacker and Uber has suffered a data breach.”

The hacker then named a number of internal databases that they claimed to have compromised. The message was reportedly sent from an Uber employee’s account that the hacker had managed to access.

Two workers with knowledge of the incident told the NYT that they were ordered by management to stop using the messaging software, reportedly the popular platform Slack. They also found that they were unable to gain access to other internal systems operated by Uber.

Uber has yet to offer any details about the cybersecurity incident, but it’s expected to do so once it’s completed its initial investigation.

With the company holding the personal data of a huge number of riders and drivers, there will be concerns that the hacker has managed to steal much of this information.

The incident comes six years after Uber suffered a serious data breach that saw hackers nab data linked to 57 million users, including 7 million drivers.

The ridesharing company was heavily criticized for how it handled the incident after it emerged that it had kept the hack secret for more than a year. Even more concerning, under its former CEO Travis Kalanick, Uber tried to cover up the incident by offering the hacker $100,000 to destroy the stolen data.

Hackers also targeted Uber in September 2014, stealing information on 50,000 drivers and their cars. The company didn’t tell anyone about the breach until five months later.

This time, however, Uber appears keen to show that it has changed its ways, quickly tweeting about the incident soon after it learned about it. Still, that will be cold comfort for its riders and drivers if it emerges that their data has been stolen.

Uber offered this update on Saturday, September 17:

“We have no evidence that the incident involved access to sensitive user data (like trip history). All of our services including Uber, Uber Eats, Uber Freight, and the Uber Driver app are operational. As we shared yesterday, we have notified law enforcement. Internal software tools that we took down as a precaution yesterday are coming back online this morning.”

It added that its investigation and response efforts are ongoing.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Apple will pay up to $1M to anyone who hacks its AI cloud
Apple's Craig Federighi speaking about macOS security at WWDC 2022.

Apple just made an announcement that shows it means business when it comes to keeping Apple Intelligence secure. The company is offering a massive bug bounty of up to $1 million to anyone who is able to hack its AI cloud, referred to as Private Cloud Compute (PCC). These servers will take over Apple Intelligence tasks when the on-device AI capabilities just aren't good enough -- but there are downsides, which is why Apple's bug-squashing mission seems like a good idea.

As per a recent Apple Security blog post, Apple has created a virtual research environment and opened the doors to the public to let everyone take a peek at the code and judge its security. The PCC was initially only available to a group of security researchers and auditors, but now, anyone can take a shot at trying to hack Apple's AI cloud.

Read more
OpenAI uses its own models to fight election interference
chatGPT on a phone on an encyclopedia

OpenAI, the brains behind the popular ChatGPT generative AI solution, released a report saying it blocked more than 20 operations and dishonest networks worldwide in 2024 so far. The operations differed in objective, scale, and focus, and were used to create malware and write fake media accounts, fake bios, and website articles.

OpenAI confirms it has analyzed the activities it has stopped and provided key insights from its analysis. "Threat actors continue to evolve and experiment with our models, but we have not seen evidence of this leading to meaningful breakthroughs in their ability to create substantially new malware or build viral audiences," the report says.

Read more
Hackers claim 440GB of user data breached from large cybersecurity company
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

Cybersecurity firm Fortinet has confirmed that user data has been taken from its Microsoft Sharepoint server and was posted to a hacking forum early this morning, as BleepingComputer reports.

The threat actor, "Fortib**ch," shared the credentials to an alleged S3 bucket (a digital box to store files online) for others to download, claiming the total is 440GB.

Read more