Uber confirmed that it had been hacked in what appears to be a damaging compromise of internal systems as well as accounts for multiple third-party services.
After the hacker gained access to an employee’s work account, employees were warned not to use Slack.
Security researchers posted screenshots of internal Uber systems on the internet.
According to security researcher Corben Leo, an individual hacked Uber and gained access to the company’s corporate network through a phishing attempt.
They were able to scan Uber’s internal corporate network and locate administrative user credentials for Uber’s Thycotic account via a shared network resource.
A single hardcoded password appears to have been used to gain access to Uber’s privileged access management system, which grants access to anything that links to it.