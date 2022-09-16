Enlarge this image toggle signature Jeff Chiu/AP

Taxi service Uber said on Friday that all of its services are up and running after what security experts called a major data breach. It states that there is no evidence that the hacker gained access to users’ sensitive data.

A lone hacker announced the hack on Thursday after apparently tricking an Uber employee into providing credentials.

Screenshots shared by the hacker with security researchers show that the individual has gained full access to the cloud systems where Uber stores sensitive customer data and financial data.

It is not known how much data the hacker stole and how long it was on the Uber network. Two researchers who spoke directly to a man who introduced himself to one of them as an 18-year-old said they appeared to be interested in publicity. There was no indication that they destroyed the data.

But files handed over to researchers and widely shared on Twitter and other social networks showed that the hacker was able to gain access to Uber’s most critical internal systems.

“He had really bad access. It’s terrible,” said Corbin Leo, one of the researchers who spoke with the hacker via online chat.

He said the screenshots shared by the person showed the attacker gained access to systems stored on Amazon and Google cloud servers, where Uber stores source code, financial data and customer data such as driver’s licenses.

“If he had the keys to the kingdom, he could start stopping services. He could delete the data. It could download customer data, change people’s passwords,” said Leo, a researcher and head of business development at security company Zellic.

Screenshots shared by the hacker, many of which leaked online, showed he had access to sensitive financial data and internal databases. Among them was one in which a hacker reported that Uber Slack’s internal collaboration system had been hacked.

Sam Curry, a Yuga Labs engineer who also spoke to the hacker, said there was no indication that the hacker did any damage or was interested in anything more than advertising. “I think they want to get as much attention as possible.”

Curry said he spoke Thursday to several Uber employees who said they were “working to lock down everything inside” to limit the hacker’s access. This included the San Francisco-based company’s Slack network, he said.

In a statement posted online on Friday, Uber said “internal software tools that we disabled yesterday as a precautionary measure are returning to the network.”

He said that all of his services, including Uber Eats and Uber Freight, are working.

The company did not respond to questions from The Associated Press, including whether the hacker had access to customer data and whether that data was stored in encrypted form. The company said there is no evidence that the attacker gained access to “sensitive user data” such as travel history.

Curry and Leo said the hacker did not indicate how much data was copied. Uber has not recommended any specific actions to its users, such as changing passwords.

The hacker alerted researchers to Thursday’s intrusion using an internal Uber account on the company’s network. used to publish vulnerabilities identified through the bug bounty program, who pays ethical hackers to look for weaknesses in the network.

After commenting on these messages, the hacker provided the Telegram account address. Curry and other researchers then set up a separate conversation with them, during which the attacker provided screenshots of various Uber cloud provider pages to prove that they had hacked into the system.

The AP tried to contact the hacker via a Telegram account but received no response.

Screenshots posted on Twitter appear to confirm what the researchers said the hacker claimed: They gained privileged access to Uber’s most critical systems through social engineering. Essentially, the hacker discovered the password of an Uber employee. Then, posing as a work colleague, the hacker bombarded the employee with text messages asking him to confirm that he was logged into his account. In the end, the employee relented and provided the two-factor authentication code that the hacker used to log into the system.

Social engineering is a popular hacking strategy since humans tend to be the weakest link in any network. It was used by teenagers in 2020 to hack Twitter, and more recently it was used to hack tech companies Twilio and Cloudflare.

Uber has already been hacked.

His former chief of security, Joseph Sullivan, is currently on trial for allegedly orchestrating a $100,000 payout to hackers to cover up a high-tech heist in 2016 that stole the personal information of about 57 million customers and drivers.