Uber Hacker May Have Compromised Secret Bug Reports
Yesterday, Uber posted on Twitter confirming that it was dealing with a cybersecurity incident. Security researchers have stated that it seems like Uber may have been breached again after a threat actor reportedly accessed the company’s email and cloud systems. In addition, the hackers may have breached Uber’s code repositories, internal Slack account, and HackerOne tickets. The hacker reportedly sent screenshots to news publishers proving that they had access to the sites. Reports state that the hacker sent a message in Slack announcing the breach, then posted a pornographic image on a separate page.
The hacker allegedly impersonated a member of the IT department and messaged an Uber employee requesting their password. The hacker claims that he is only 18 years old, according to reports. It’s also possible that sensitive vulnerability reports were compromised during the attack, including HackerOne reports. It’s possible that the individual could leverage the bugs, many of which are yet to be fixed or publicly disclosed.