Ya know when that lack of internal security gets noticed by the NYT's... you have really "screwed the pooch"
It looks like a pretty basic phishing attack; And because Uber has lousy internal security, lots of people have access to everything. So once a hacker gains a foothold, they have access to everything.
This is the same thing that Mudge accuses Twitter of: too many employees have broad access within the company’s network.