Uber Technologies Inc said on Thursday it was investigating a cybersecurity incident, after a report that its network was breached and the company had to shut several internal communications and engineering systems.
A hacker compromised an employee’s account on workplace messaging app Slack and used it to send a message to Uber employees announcing that the company had suffered a data breach, according to a New York Times report on Thursday that cited an Uber spokesperson.
It appeared that the hacker was later able to gain access to other internal systems, posting an explicit photo on an internal information page for employees, the report added.
“We are in touch with law enforcement and will post additional updates here as they become available,” Uber said in a tweet, without providing further details.
Shares of the ride-hailing firm were down nearly 4% in premarket trading on Friday, amid broader U.S. market declines.
Uber took the Slack system offline on Thursday afternoon after employees received the message from the hacker, according to the Times report.
“I announce I am a hacker and Uber has suffered a data breach,” the message read, and went on to list several internal databases that were allegedly compromised, the report added.
A person assumed responsibility for the hack and told the paper that he had sent a text message to an Uber employee claiming to be a corporate IT person.
The worker was persuaded to hand over a password that allowed the hacker to gain access to Uber’s systems, the report said.
Slack said in a statement that the company was investigating the incident and that there was no evidence of a vulnerability inherent to its platform.
Uber employees were instructed to not use Slack, which is owned by Salesforce Inc , according to the report. Other internal systems were inaccessible too.