Uber shut down some of its internal software and messaging systems on Thursday, after an attacker infiltrated its network and sent employees messages warning that Uber had been hacked.
Uber also acknowledged unconfirmed reports over the weekend that the same perpetrator had breached video game publisher Rockstar Games, and said it was working with the FBI and the US Department of Justice to investigate its breach.
Uber said it did not believe the attacker had gotten into its public-facing systems, such as user accounts or databases that store sensitive or financial information. They did not access any customer data stored by its cloud providers including Alphabet Inc.’s Google and Amazon Web Services, it added.
Uber said it was “likely” that the attacker bought an Uber contractor’s password on the dark web, after that contractor’s personal device had been infected with malware. The attacker managed to hijack the two-factor login approval by inundating the contractor with requests, which they eventually accepted. From there, the intruder was able to get into several employee accounts and had security permissions for Uber’s G-Suite and Slack, among other internal tools.
Uber also discovered that the attacker downloaded internal Slack messages and an internal tool the finance team uses to manage some invoices.
All software vulnerability reports the attacker accessed through Uber’s HackerOne dashboard had already been remediated, alleviating concerns that the hacker had access to vulnerabilities in Uber’s code. HackerOne assists with Uber’s bug bounty program, which allows ethical hackers to search for flaws which could lead to breaches in return for payment, or bounty.
 "Uber")