Slack Account Hacked in Uber Cybersecurity Incident

September 29, 2022

aerial-view-at-group-of-business-people-working-together-and-new-on-picture-id1358416956

On September 15, 2022, Uber announced that it is investigating a cybersecurity incident following reports that it had been hacked. A hacker had gained control of Uber’s internal systems after compromising the Slack account of an employee. Initial reports indicate that the hacker used social engineering, a tactic by which criminals prey on people’s credulity and inexperience to gain entry to corporate accounts and sensitive data.  After compromising Uber’s internal Slack messaging service, the hacker accessed other internal databases, took over Uber’s Amazon Web Services and Google Cloud accounts, and gained access to internal financial data.

Ian McShane, vice president of strategy at cybersecurity firm Arctic Wolf, said, “It’s proof once again that often the weakest link in your security defenses is the human.” News of the attack comes at the same time as Uber’s former security chief, Joe Sullivan, is on trial over a 2016 breach in which the records of 57 million users and drivers were stolen. In 2017, the company acknowledged that it had concealed the attack and the following year paid $148 million in a settlement with 50 U.S. states and Washington, D.C.

Critical intelligence for general counsel

Stay on top of the latest news, solutions and best practices by reading Daily Updates from Today's General Counsel.

Daily Updates

Sign up for our free daily newsletter for the latest news and business legal developments.

Scroll to Top