The teenage hacker behind the Uber security breach has announced a breach in the company’s Slack.

An 18-year-old hacker took responsibility for the hack Uber And the details don’t look good for the ride-sharing company.

On Thursday evening, Uber announced that it had suffered “Cyber ​​Security Incident” And that he was working with law enforcement authorities on the matter. a Report In the The New York Times He described the “incident” in detail as a data breach that shut down several of Uber’s internal systems. As more details were leaked from Uber employees, we now know more about what happened.

See also:

5 irrefutable detection of Uber files

So, how did you get off? An 18-year-old hacker has posted basic social engineering techniques targeting an Uber employee. The intruder said to The New York Times He simply pretended to be an IT worker from a company in a text message and was able to convince the employee to send him a password that gave him access.

Josh Yavor, Chief Information Security Officer of Tsien Cloud Security, said in a statement to Mashable. “We still see the same tactics at play regardless of the opponent or the victim: opponents know that people can be tricked into giving up their passwords.”

On top of the simplicity of the hack, there is another amazing aspect of this hack: Uber didn’t know it was hacked until the teenage hacker announce Same on the company’s Slack channel.

The hacker’s message “Hello @here” started. “I announce that I am a hacker and that uber has suffered a data breach.”

The hacker proceeded to run some of the hacked company’s internal systems, such as Slack for example, and ended his message by recalling Uber for underpaying its drivers.

Uber employees initially thought the whole thing was a joke.

Sam Curry, staff engineer at Yuga Labs, the company behind the Bored Ape Yacht Club NFT project, subscriber Additional information about the hack Who says he got it from an Uber contact.

According to Curry’s source, an Uber domain admin, Amazon Web Services admin, and GSuite were among some of the company’s accounts that were hacked. Screenshots, allegedly from the hacker, quickly spread to show his access to these services.

“Anytime I order a website, I’m taken to a trimmed page with a porn image and the message ‘F*** you wankers,'” Curry’s Uber source explained.

Uber quickly warned its employees to stay away from Slack, but according to Curry’s contact, several people at the company kept logging back in to check everyone’s joke responses.

In her report on the hack, The Verge has highlighted a Twitter thread From security researcher Corben Leo who got a little tech on how a hacker could gain access to many internal systems. Essentially, once the employee sent their password to the teen, the young hacker was able to access the company’s VPN, scan the intranet, and find Powershell scripts containing credentials for multiple services.

“Accessing private data within VPNs should be challenging and strictly protected,” explained Jack Moore, global cybersecurity advisor at cybersecurity firm ESET, in a statement provided to Mashable. “Using a simple SMS as a way to hack their systems now leaves Uber with a lot of questions about how much data has been compromised via this easy method.”

Moore said the attack should “highlight once again the importance of training employees to remain vigilant and have the ability to detect targeted phishing attempts and double-check before any type of credential is handed over.”

This is not the first time that Uber has been hacked. Back in 2016, a 20-year-old was in charge of a security breach That affected 57 million Uber customers around the world. This time, however, Uber says it Sensitive user data has not been hacked.