Uber believes they have identified the group behind hack last week, and the name sounds all too familiar. In one update About the breach, Uber says the culprit has links to Lapsus$, the hacking group that targeted tech companies like MicrosoftSamsung and T Mobile. The same intruder may also be responsible for the Rockstar hack leaked Grand Theft Auto VIUber said.
It’s also clearer how the perpetrators may have gained access to Uber’s internal systems. The attacker may have purchased the contractor’s credentials on black web after they were exposed via a malware-infected computer. Two-factor authentication initially prevented hackers from getting in, but the contractor accepted the authentication request – that was enough to help the intruders compromise employee accounts and, conversely, abuse apps companies like Google Workspace and Slack.
As before, Uber stressed that the hacker did not gain access to public systems or user accounts. The code base is also still intact. Although those responsible did compromise Uber’s bug bounty program, any reports of related security vulnerabilities have been “fixed”. Uber prevented the hack by restricting compromised accounts, temporarily disabling tools, and re-establishing access to services. There is also additional monitoring for unusual activities.
The crash update shows that the damage to Uber is relatively limited. However, it also indicates that Lapsus $ is still hitting high-end targets despite being caught. It also highlights the continued vulnerability of major tech companies. In this case, one wrong move by one contractor was all it took to disrupt Uber’s operations.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at time of publication.