Uber (NYSE:UBER) on Thursday said it is investigating a cybersecurity incident following reports that the ride-hailing company had been hacked.
“We are currently responding to a cybersecurity incident,” Uber said in a statement on Twitter. “We are in touch with law enforcement and will post additional updates here as they become available.”
A hacker gained control over Uber’s internal systems after compromising the Slack account of an employee, according to the New York Times, which says it communicated with the attacker directly. Slack, a workplace messaging service, is used by many tech companies and startups for everyday communications.
Uber has now disabled its Slack, according to multiple reports..
After compromising Uber’s internal Slack in a so-called social engineering attack, the hacker then went on to access other internal databases, the Times reported.
A separate report, from the Washington Post, said the alleged attacker told the newspaper they had breached Uber for fun and could leak the company’s source code in a matter of months.
Employees initially thought the attack to be a joke and responded to Slack messages from the alleged hacker with emojis and GIFs, the Post reported, citing two people familiar with the matter.
Screenshots shared on Twitter suggest the hacker also managed to take over Uber’s accounts with Amazon (NASDAQ:AMZN) Web Services and Google (NASDAQ:GOOGL) Workspace, and gain access to internal financial data.
UBER shares dropped $1.56, or 4.7%, to $31.57.