Young hacker tricks way into Uber's system: reports
Stay tuned with 24 News HD Android App
"He says that he simply -- having already determined a valid username and password -- tricked an Uber staff member into granting him access to internal systems," independent cybersecurity analyst Graham Cluley said at his website.
Online comments purported to be by the hacker indicated he targeted an Uber employee with notifications for more than an hour, then reached out to the worker via WhatsApp claiming to be member of the company's tech support team.
"Many other companies are probably at risk of falling for a similar trick," Cluley said.
Uber said Friday that its services were all operational and that it had "no evidence that the incident involved access to sensitive data" such as users' trip history.
Employee software tools shut down as a precaution were being gradually restarted, the San Francisco based company added.
"There's a reason cybersecurity experts say that the human is often the weakest link," said Ray Kelly, a fellow at Synopsys Software Integrity Group in Silicon Valley.
"Whether it be phishing/SMS attacks or a simple phone call to get an employee to give up their credentials, 'social engineering' is going to be the easiest route for a malicious actor."