Uber is investigating a breach of its computer systems, the company said and took several of its internal communications and engineering systems offline.
“We are currently responding to a cybersecurity incident,” the company tweeted on Friday.
The hacker compromised an employee’s official Slack account and posted a message, announcing himself and sharing that “Uber has suffered a data breach,” The Washington Post reported, citing people familiar with the matter.
The company said it is currently assessing the extent of the hack, adding that it is in touch with law enforcement and will post additional updates on Twitter as they become available.
The hacker also reportedly sent images of “email, cloud storage, and code repositories” to cybersecurity researchers and posted an “explicit image” on an internal page for employees, according to Reuters.
“This is a total compromise, from what it looks like,” security expert Sam Curry, who reportedly corresponded with the hacker claiming responsibility, told The New York Times.
The company pointed to its Twitter statement in response to The Independent’s request for comment on the extent of the breach.
This is not the first time the company has faced a cybersecurity incident.
Uber came under fire for a 2016 breach that exposed the data of about 57 million drivers and passengers.
In the incident, personal information like names and phone numbers of Uber users worldwide were stolen along with the names and license numbers of some 600,000 drivers, Uber chief Dara Khosrowshahi had said.
This included records of nearly 82,000 drivers based in the UK.
The company hid the incident till 2017 and had paid hackers to not release the stolen data.
“We are changing the way we do business,” Mr Khosrowshahi had said after the company’s founder Travis Kalanick was forced out.
Following the 2016 incident, Uber was fined £385,000 by the UK Information Commissioner’s Office (ICO).
The ICO found the company guilty of a “serious breach” of UK data protection law and for showing “complete disregard” for customers and drivers whose data was stolen.