We select and review products independently. When you purchase through our links we may earn a commission. Learn more.

Teenager Hacks Uber for Fun, Threatens to Leak Source Code

The Uber logo on a big banner.
NYCStock / Shutterstock.com

A hacker appears to have breached Uber’s internal systems, gaining administrative access to its AWS, HackerOne, Google Workspace, Slack, vSphere, and financial accounts. The hacker, who claims to be 18 years old, tells The Washington Post that they may leak Uber’s source code “in a few months.”

Uber is currently investigating the breach with help from the authorities. It has not commented on the incident, nor has it confirmed the severity of the hack. At the time of writing, we only have information provided by the alleged hacker (who is freely sharing screenshots of Uber’s internal systems) and Uber employees.

The hacker didn’t have much trouble breaking into Uber’s systems. They simply tricked an Uber employee into sharing VPN details. Once the hacker accessed Uber’s VPN, they scanned the company’s intranet and found admin login credentials in a powershell script.

These login credentials unlocked Uber’s internal systems. The hacker quickly leaked Uber’s financial data and commented on all of its HackerOne tickets. Oddly enough, they also replaced Uber’s internal webpages with photos of genitalia, accompanied by short messages about how Uber employees are “wankers.” So, the teenage hacker is probably British.

The hacker even announced their presence on Uber’s Slack, flatly stating “I am a hacker and Uber has suffered a data breach.” They concluded their message with “#uberunderpaisdrives,” a reference to Uber’s refusal to classify drivers as full-time workers.

Uber employees thought that the Slack message was a joke. They responded with tons of emoji, Spongebob memes, and the infamous “it’s happening” GIF.

We still don’t know the full extent of this data breach. But for what it’s worth, it seems that this hacker is more interested in antagonizing Uber leadership than collecting personal data. Our main concern is the Uber source code—if it leaks, it will probably reveal new vulnerabilities in Uber’s internal systems.

Source: The Washington Post

Andrew Heinzman Andrew Heinzman
Andrew is the News Editor for Review Geek, where he covers breaking stories and manages the news team. He joined Life Savvy Media as a freelance writer in 2018 and has experience in a number of topics, including mobile hardware, audio, and IoT. Read Full Bio »