A teen hacked Uber and announced it in the company Slack. Employees thought it was a joke.

Uber's internal systems appear to have been severely compromised.


An 18-year-old hacker has taken responsibility for hacking Uber and the details are not looking good for the rideshare company.

On Thursday night, Uber announced that it had suffered a “cybersecurity incident” and that it was working with law enforcement on the issue. A report in the New York Times detailed the “incident” as a data breach that had taken many of Uber’s internal systems offline. As many more details have leaked from Uber employees, however, we now know much more about what happened.

So, how did it go down? An 18-year-old hacker deployed basic social engineering techniques targeting an Uber employee. The hacker told the New York Times that he simply posed as an IT worker from corporate in a text message and was able to convince the employee to send over a password that gave him access.

“This is yet another example of what attack after attack has shown: social engineering is the predominant way that companies fall victim to breaches, and adversaries know it works,” said Josh Yavor, chief information security officer for the cloud security company Tessian, in a statement to Mashable. “We keep seeing the same tactics play out regardless of the adversary or victim: adversaries know that people can be tricked into giving up their passwords.”On top of the simplicity of the hack, there’s another incredible facet to this breach: Uber didn’t know it was hacked until the teen hacker announced himself in the company’s Slack.

“Hi @here,” the hacker’s message began. “I announce i am a hacker and uber has suffered a data breach.”

The hacker proceeded to run down some of the company’s internal systems that were compromised, like Slack for example, and ended his message by calling out Uber for underpaying its drivers.

Uber employees, at first, thought the whole thing was a joke. 

Sam Curry, a staff engineer at Yuga Labs, the company behind the Bored Ape Yacht Club NFT project, shared additional information about the hack which he says he received from a contact at Uber. 

According to Curry’s source, Uber’s domain admin, Amazon Web Services admin, and GSuite were among some of the company accounts that were compromised. Screenshots, allegedly from the hacker, quickly spread showing his access to these services.

“Anytime I request a website, I am taken to a REDACTED page with a pornographic image and the message “F*** you wankers,” explained Curry’s Uber source.

MASHABLE