An Uber employee fell for this old phishing trick:
The person who claimed responsibility for the hack told The New York Times that he had sent a text message to an Uber worker claiming to be a corporate information technology person. The worker was persuaded to hand over a password that allowed the hacker to gain access to Uber’s systems, a technique known as social engineering.
A former Uber head of security is on trial for not disclosing past hacks.
Update: Uber says they have no evidence that personal information was compromised in the hack.