(Reuters) – Uber Technologies Inc said on Thursday it was investigating a cybersecurity incident, after a report that its network was breached and the company had to shut several internal communications and engineering systems.
A hacker compromised an employee’s workplace messaging app Slack and used it to send a message to Uber employees announcing that the company had suffered a data breach, according to a New York Times report on Thursday that cited an Uber spokesperson.
It appeared that the hacker was later able to gain access to other internal systems, posting an explicit photo on an internal information page for employees, the report added.
“We are in touch with law enforcement and will post additional updates here as they become available,” Uber said in a tweet, without providing further details.
The Slack system was taken offline on Thursday afternoon by Uber after employees received the message from the hacker, according to the Times report, citing two employees, who were not authorized to speak publicly.
I announce I am a hacker and Uber has suffered a data breach,” the message read, and went on to list several internal databases that were claimed to be compromised, the report added.
A person, claiming responsibility for the hack, told the paper that he had sent a text message to an Uber employee claiming to be a corporate IT person.
The worker was persuaded to hand over a password that allowed the hacker to gain access to Uber’s systems, the report said.
Slack said in a statement to Reuters that the company was investigating the incident and that there was no evidence of a vulnerability inherent to its platform.
“Uber is a valued customer, and we are here to help them if they need us,” Slack, which is owned by Salesforce Inc, said in the statement.
Uber employees were instructed to not use Slack, according to the report. Other internal systems, too, were inaccessible.
(Reporting by Shubham Kalia and Maria Ponnezhath in Bengaluru; editing by Uttaresh.V, Rashmi Aich and Saumyadeb Chakrabarty)