Slack Account Hacked in Uber Cybersecurity Incident

On September 15, 2022, Uber announced that it is investigating a cybersecurity incident following reports that it had been hacked. A hacker had gained control of Uber’s internal systems after compromising the Slack account of an employee. Initial reports indicate that the hacker used social engineering, a tactic by which criminals prey on people’s credulity and inexperience to gain entry to corporate accounts and sensitive data.  After compromising Uber’s internal Slack messaging service, the hacker accessed other internal databases, took over Uber’s Amazon Web Services and Google Cloud accounts, and gained access to internal financial data.

Ian McShane, vice president of strategy at cybersecurity firm Arctic Wolf, said, “It’s proof once again that often the weakest link in your security defenses is the human.” News of the attack comes at the same time as Uber’s former security chief, Joe Sullivan, is on trial over a 2016 breach in which the records of 57 million users and drivers were stolen. In 2017, the company acknowledged that it had concealed the attack and the following year paid $148 million in a settlement with 50 U.S. states and Washington, D.C.