Security News > 2022 > September > Uber hacked, internal systems breached and vulnerability reports stolen
Uber suffered a cyberattack Thursday afternoon with a hacker gaining access to vulnerability reports and sharing screenshots of the company's internal systems, email dashboard, and Slack server.
The New York Times, which first reported on the breach, said they spoke to the threat actor, who said they breached Uber after performing a social engineering attack on an employee and stealing their password.
Curry told BleepingComputer that he first learned of the breach after the attacker left the above comment on a vulnerability report he submitted to Uber two years ago.
Uber runs a HackerOne bug bounty program that allows security researchers to privately disclose vulnerabilities in their systems and apps in exchange for a monetary bug bounty reward.
Curry further shared that an Uber employee said the threat actor had access to all of the company's private vulnerability submissions on HackerOne.
This likely includes vulnerability reports that have not been fixed, presenting a severe security risk to Uber.