Ride-hailing and delivery giant %Uber ($UBER) says it is investigating a %CybersecurityIncident and that its systems may have been hacked in recent days.
“We are in touch with law enforcement and will post additional updates here as they become available,” Uber said in a written statement posted to %Twitter ($TWTR).
According to multiple media reports, an online hacker gained control of Uber’s internal systems after compromising the Slack account of an employee.
Slack, a workplace messaging service, is used by many technology companies for employee communications. Uber said that it has temporarily disabled its %Slack accounts.
After compromising Uber’s internal Slack accounts, the hacker then accessed other internal databases, according to reports of the incident.
The Washington Post has published an article in which it says the alleged hacker contacted the newspaper and told its reporters that they could leak Uber’s source code if they choose to.
Other media reports claim the hacker also took control of Uber’s Amazon Web Services and Google Cloud accounts and gained access to internal financial data at the company.
News of the attack comes as Uber’s former security chief, Joe Sullivan, is standing trial over a 2016 breach in which the records of 57 million users and drivers were stolen. In 2017, the company admitted to concealing the attack and paid $148 million in a settlement with 50 U.S. states and Washington, D.C.
Shares of Uber declined 5% on news of the latest cyberattack. Year-to-date, Uber’s stock is down 25% at $33.13 U.S. per share.