The company confirmed on Thursday that it is responding to a cyber incident.
According to a report by The New York Times, the ride-sharing giant took several of its internal communications and engineering systems offline after discovering a security issue.
The company said in a statement that it is in contact with law enforcement and that it is investigating a cybersecurity incident.
The sole hacker behind the beach, who claims to be 18 years old, told the NYT that he was able to compromise the company because of its weak security. The attacker used social engineering to compromise an employee's account, persuading them to hand over a password that allowed them access to the company's systems
The New York Times reports that before the Slack system was taken offline, employees of the ride-sharing company received a message that said they had been a victim of a data hack. According to reports, the hacker said that the drivers of the ride-sharing service should be paid more.
The attacker found high privileged credentials on a network file share and used them to access everything, including production systems, according to Kevin Reed.
Reed said that there is a high chance that a lot of people have access to your data if you had it in the company.
The attacker is thought to have gained administrative access to the cloud services of the company, as well as the HackerOne bug bounty program.
The threat actor probably had access to all of the company's vulnerability reports, which means they may have had access to vulnerabilities that have not been fixed. The bug bounty program has been stopped by Hacker One.
Chris Evans, HackerOne CISO and Chief Hacking Officer, said in a statement that the company is in close contact with the security team of the ride hailing company and will continue to assist with their investigation.
This isn't the first time that the company's computer systems have been compromised. In 2016 hackers stole information from 57 million driver and rider accounts and then asked for $100,000 to destroy it. The news of the hack was not reported for more than a year.
You can contact this author if you know more about the incident.