Uber, one of the main mobility platforms, discovered a flaw in its systems on Thursday. The company says it is investigating the incident.

The information about the intrusion into the systems was advanced by the New York Times, which received images of emails, cloud storage and code repositories of those allegedly responsible for the incident. In addition to the newspaper, some cybersecurity researchers also received the same data.

One of the researchers, Sam Curry of Yuga Labs, told the NYT that the attacker “basically has full access to Uber.” This investigator claims that he even spoke with the person responsible for the incident.

On the Uber side, there are indications that the company is investigating this improper access, having also contacted the responsible authorities. The information came through Twitter, but without further details.

Uber employees will have been warned not to use the company’s Slack, the platform used to exchange messages. Additionally, employees will have found some internal systems inaccessible, two employees revealed.

The NYT also advances that the “hacker” will have sent a message to Uber employees, announcing that he was a “‘hacker’ and that Uber had suffered a data leak.” The message will have been found in various databases that have been compromised.

This will have been a social engineering attack. To the NYT, the “hacker”, who claims to be 18 years old, explained how he managed to access the company: he contacted an Uber employee and pretended to be someone from a technology company. With some conversation, the worker gave the password to access Uber’s systems.

This is not the first time that a “hacker” has been able to access Uber data. In 2016, the information of 57 million drivers and passengers was compromised. In exchange for the data, they asked for $100,000. The NYT notes that Uber made the payment but kept the incident secret for more than a year.

Uber shares fell even before the market opened. A few minutes after 3:00 pm, the values ​​of the platform were down about 5%.

The case of the Check Point notes is “potentially transformational for security leaders”

Some cybersecurity companies are reacting to this incident in Uber’s systems. Rui Duro, head of Check Point in Portugal, highlights the coincidence that the incident occurred a week after the trial of the company’s former head of security.

“It appears that a major social engineering attack has substantially compromised Uber. This comes a week after its former security chief stands trial in the US, facing criminal charges for proper disclosure of a 2016 breach affecting 57 million users. This is an interesting and potentially transformative case for security leaders,” says Rui Duro, in a press release.

“Social engineering is something we see more and more. This is where hackers will use a variety of online and offline means to manipulate users into taking action or disclosing sensitive information such as remote access details.”

“Solutions exist that can actively protect against sophisticated social engineering and phishing techniques like this, but it’s also absolutely critical that organizations take the time to educate their employees about these threats,” he warns.