Uber Down After Teen Hacker Takes Over Everything from Source Code to Slack

The 18-year-old hacker sent an email to every Uber employee: "I announce I am a hacker and Uber has suffered a data breach.”

We may earn a commission from links on this page.
Travelers wait for an Uber ride at Midway International Airport on May 09, 2022 in Chicago, Illinois.
Travelers wait for an Uber ride at Midway International Airport on May 09, 2022 in Chicago, Illinois.
Image: Scott Olson (Getty Images)

You’d think with all the money Uber has lit on fire from its founding up to present day, the company would have spent a little more of it on cybersecurity. That doesn’t seem the case. Uber’s operations are still down after an 18-year-old hacker gained full access to the company’s network in what security experts are calling “a total compromise” of Uber’s internal systems.

The hacker managed to get into all of Uber’s internal systems, including source code, internal internet and email networks, as well as the company’s Slack communications channels. The teenager even posted an explicit image on an internal info page meant for employees, and put up messages demanding higher pay for drivers. If you’re going to turn a major company’s internal workings into your own personal playground, you might as well make class consciousness a part of it.


Amazingly, the New York Times managed to communicate with the alleged hacker, who explained to the paper exactly how he pulled off the feat:

The person who claimed responsibility for the hack told The New York Times that he had sent a text message to an Uber worker claiming to be a corporate information technology person. The worker was persuaded to hand over a password that allowed the hacker to gain access to Uber’s systems, a technique known as social engineering.

“These types of social engineering attacks to gain a foothold within tech companies have been increasing,” said Rachel Tobac, chief executive of SocialProof Security. Ms. Tobac pointed to the 2020 hack of Twitter, in which teenagers used social engineering to break into the company. Similar social engineering techniques were used in recent breaches at Microsoft and Okta.


The hacker, who provided screenshots of internal Uber systems to demonstrate his access, said that he was 18 years old and had been working on his cybersecurity skills for several years. He said he had broken into Uber’s systems because the company had weak security. In the Slack message that announced the breach, the person also said Uber drivers should receive higher pay.


There is no estimated timeline for when Uber hopes to regain control of its systems. As of this writing, Uber is still under the sway of a 18-year-old hobbyist. The hacker should be careful, though, as he’s reached the age where he can be tried as an adult — that is, if authorities manage to identify and catch him.


This isn’t the first time a hacker has hit Uber. In 2016, a security breach exposed the data of 57 million drivers and customers.