Uber admits to data breach, blames extortion group Lapsus$ for hacking


Uber Technologies Inc suffered a data breach last week after an employee’s Slack app, a workplace messaging app, was compromised. Uber said the hacker responsible is affiliated with a notorious extortion group named Lapsus$, which also targeted technology companies including Microsoft Corp, Cisco Systems Inc, Okta Inc and Samsung Corp this year.

In a blog post, Uber noted that the group typically uses similar techniques to target technology companies.

Uber shut down some of its internal software and messaging systems on Thursday, after an attacker infiltrated its network and sent employees messages warning that Uber had been hacked.


Active hacker group

“We believe that the attackers (or attacker) are affiliated with a hacking group called Lapsus$, which has been increasingly active over the last year or so,” a company spokesperson said in an announcement on Monday.

Uber also acknowledged unconfirmed reports over the weekend that the same perpetrator had breached video game publisher Rockstar Games and said it was working with the FBI and the US Department of Justice to investigate its breach.

Uber has clarified that the attacker accessed several internal systems, and the company is still investigating whether there was any material impact. However, Uber claims that the attacker did not access the “production systems” that power its mobile apps. The company also says that user accounts and the databases it uses to store sensitive user information, such as credit card numbers, user bank account info, or trip history, are safe.

Uber says, “We also encrypt credit card information and personal health data, offering a further layer of protection”.

Modus operandi

Uber said it was “likely” that the attacker bought an Uber contractor’s password on the dark web after that contractor’s personal device had been infected with malware. The attacker managed to hijack the two-factor login approval by inundating the contractor with requests, which the contractor eventually accepted. From there, the intruder was able to get into several employee accounts and had security permissions for Uber’s G-Suite and Slack, among other internal tools.
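The flood of two-factor requests described above leaves a recognisable trace in authentication logs: a run of denied or ignored prompts for one account, then an approval. The sketch below is an added example, not Uber's or any vendor's code; the log layout, outcome names, threshold and window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events. The "time user outcome" layout and the outcome
# names are assumptions, not the log format of any particular MFA product.
SAMPLE_LOG = """\
2024-01-10T08:00:00 user_c push_denied
2024-01-10T08:30:00 user_c push_denied
2024-01-10T09:00:05 user_a push_denied
2024-01-10T09:00:50 user_a push_timeout
2024-01-10T09:01:30 user_a push_denied
2024-01-10T09:02:10 user_a push_denied
2024-01-10T09:03:00 user_a push_timeout
2024-01-10T09:04:20 user_a push_approved
2024-01-10T09:10:00 user_b push_denied
2024-01-10T09:10:30 user_b push_approved
2024-01-10T10:00:00 user_c push_denied
2024-01-10T10:05:00 user_c push_approved
"""

WINDOW = timedelta(minutes=10)  # assumed look-back period
THRESHOLD = 5                   # assumed count of rejected prompts that is abnormal

def parse(log):
    """Yield (timestamp, user, outcome) for each non-empty log line."""
    for line in log.strip().splitlines():
        ts, user, outcome = line.split()
        yield datetime.fromisoformat(ts), user, outcome

def find_push_fatigue(log, window=WINDOW, threshold=THRESHOLD):
    """Return (user, approval_time, rejected_count) for every approval that
    follows at least `threshold` denied or timed-out prompts within `window`."""
    rejected = defaultdict(deque)  # per-user timestamps of rejected prompts
    alerts = []
    for ts, user, outcome in sorted(parse(log)):
        recent = rejected[user]
        while recent and ts - recent[0] > window:
            recent.popleft()       # drop rejections older than the window
        if outcome in ("push_denied", "push_timeout"):
            recent.append(ts)
        elif outcome == "push_approved":
            if len(recent) >= threshold:
                alerts.append((user, ts, len(recent)))
            recent.clear()         # an approval starts a fresh sequence
    return alerts

if __name__ == "__main__":
    for user, when, count in find_push_fatigue(SAMPLE_LOG):
        print(f"ALERT {user}: approval at {when} after {count} rejected prompts")
```

Only `user_a` is flagged: `user_b` has a single mistaken denial, and the denials for `user_c` are spread over two hours, so they fall outside the window.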

Uber also discovered that the attacker downloaded internal Slack messages and an internal tool the finance team uses to manage some invoices.

All software vulnerability reports the attacker accessed through Uber’s HackerOne dashboard had already been remediated, alleviating concerns that the hacker had access to vulnerabilities in Uber’s code. HackerOne assists with Uber’s bug bounty programme, which allows ethical hackers to search for flaws which could lead to breaches in return for payment, or bounty.


Uber says it is still working with several leading digital forensics firms as part of the investigation. The company adds it will take this opportunity to strengthen technology to mitigate future cybersecurity threats.
