“From there, the attacker accessed several other employee accounts which ultimately gave the attacker elevated permissions to a number of tools, including G-Suite and Slack,” the blog post said. “The attacker then posted a message to a company-wide Slack channel, which many of you saw, and reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites.”
The attacker did not access user-facing systems, user accounts, databases containing personal information or the code that powers Uber’s products, the company said. But it added the investigation is continuing in coordination with law enforcement and multiple cybersecurity firms.
Uber added that in response to the breach, it is strengthening its multifactor authentication policies and has reset employee access to internal tools.