After serious breach, Uber says services operational

The ride-hailing service Uber said Friday that all its services are operational following what security professionals were calling a major data breach. It said there was no evidence the hacker got access to sensitive user data.

What appeared to be a lone hacker announced the breach on Thursday after apparently tricking an Uber employee into providing credentials.

Screenshots the hacker shared with security researchers indicate this person obtained full access to the cloud-based systems where Uber stores sensitive customer and financial data.

It is not known how much data the hacker stole or how long they were inside Uber's network. Two researchers who communicated directly with the person — who self-identified as an 18-year-old to one of them— said they appeared interested in publicity. There was no indication they destroyed data.

But files shared with the researchers and posted widely on Twitter and other social media indicated the hacker was able to access Uber's most crucial internal systems.

“It was really bad the access he had. It's awful,” said Corbin Leo, one of the researchers who chatted with the hacker online.

He said screenshots the person shared showed the intruder got access to systems stored on Amazon and Google cloud-based servers where Uber keeps source code, financial data and customer data such as driver's licenses.

“If he had keys to the kingdom he could start stopping services. He could delete stuff. He could download customer data, change people’s passwords,” said Leo, a researcher and head of business development at the security company Zellic.

Screenshots the hacker shared — many of which found their way online — showed they had accessed sensitive financial data and internal databases. Among them was one in which the hacker announced the breach...