A recent statement from Uber says that a group of cybercriminals, well known to law enforcement and believed to be the inspiration behind the 18-year-old British teenager Lapsus$, is behind the cyberattack that took place there a few days ago.
Uber blames Lapsus$
According to the American company, Lapsus$ hackers are behind the security breach. Uber states that “we believe this attacker is connected to a hacker group called Lapsus$ that has grown in activity over the past year. This group uses similar methods to attack tech companies, and it was only in 2022 that it infiltrated the systems of Microsoft, Cisco, Samsung, Nvidia and Okta, among others.” Over the weekend, Lapsus$ cybercriminals reportedly hacked into the Rockstar Games computer system. Indeed, dozens of GTA VI videos have leaked online.
Uber was the victim of a cyberattack
Uber is currently working with the FBI and the Justice Department to clear up the matter. The hack last week forced the company to shut down several internal systems, including Slack, Amazon Web Services and Google Cloud Platform. The taxi and home delivery company confirms that the Lapsus$ hacker downloaded some internal messages from Slack, as well as information from an internal tool used by the finance team to manage accounts. On the other hand, the company makes sure that user data is not compromised.
New Security Breach Information
In its updated statement, Uber provides some additional details about the hack. The company says a hacker likely bought an Uber employee’s Slack password on the dark web after his phone was infected with malware. To enter the system, the Lapsus$ hacker had no choice but to send a request for two-factor identification. This initially blocked access to Slack, but an Uber employee ended up inadvertently accepting the request. Here’s how a hacker would be able to connect to an Uber Slack workspace.
In the second phase, the hacker was able to gain access to several other Uber employee accounts, gradually gaining other permissions for a number of the company’s internal tools, including G Suite and AWS. Finally, the hacker wrote a message to Uber employees on Slack: “I am reporting that I am a hacker and that Uber has suffered a data breach.” Uber quickly asked those affected to change their passwords. In addition to law enforcement, Uber is also working with several cybersecurity companies and points out that “we will also take this opportunity to continue to strengthen our policies, our practices and our technology to better protect Uber from future attacks.”