Uber Blames Lapsus$ Hacking Group for Last Week’s Data Security Breach

On Sep 20, 2022 at 8:36 am UTC

The Lapsus$ hacking group exploited some of Uber's employee accounts and internal tools. However, there has been no breach of customers' sensitive information so far.

On Monday, September 19, Uber Technologies Inc (NYSE: UBER) stated that the hacker associated with the Lapsus$ hacking group was behind the cyberattack last week that forced the ride-hailing company to shut down internal communications.

The Lapsus$ extortion group is also well known for breaching other high-profile tech companies in the past. Uber further explained that the Lapsus$ hacker stole the credentials of an Uber EXT contractor in an MFA fatigue attack.

The attacker flooded the contractor with two-factor authentication (2FA) login requests until one got accepted. This gave the hacker access to several employee accounts and other tools like Slack and G-Suite. In its official statement, Uber also noted:

“The attacker then posted a message to a company-wide Slack channel, which many of you saw, and reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites”.

This social engineering tactic has been widely used against high-tech firms. Similar attacks in the past have targeted well-known companies such as Robinhood, Twitter, Mailchimp, and Okta.
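The pattern described above (a burst of unapproved 2FA prompts that ends in one approval) can be flagged from identity-provider logs. The following is an added example, not code from Uber or from this article; the event fields, user names, window, and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample push-MFA events: (ISO timestamp, user, result).
# Field layout is hypothetical; real identity-provider logs differ.
SAMPLE_EVENTS = [
    ("2022-09-15T01:00:05", "contractor1", "denied"),
    ("2022-09-15T01:01:10", "contractor1", "timeout"),
    ("2022-09-15T01:02:00", "contractor1", "denied"),
    ("2022-09-15T01:03:30", "contractor1", "denied"),
    ("2022-09-15T01:04:45", "contractor1", "timeout"),
    ("2022-09-15T01:06:00", "contractor1", "denied"),
    ("2022-09-15T01:07:00", "contractor1", "approved"),  # burst, then accept
    ("2022-09-15T09:00:10", "employee2", "denied"),
    ("2022-09-15T09:00:40", "employee2", "approved"),    # one mis-tap, benign
    ("2022-09-15T10:00:00", "employee3", "denied"),
    ("2022-09-15T10:15:00", "employee3", "denied"),
    ("2022-09-15T10:30:00", "employee3", "denied"),
    ("2022-09-15T10:45:00", "employee3", "denied"),
    ("2022-09-15T11:00:00", "employee3", "denied"),
    ("2022-09-15T11:01:00", "employee3", "approved"),    # spread out, no burst
]

def detect_mfa_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Flag approvals preceded by >= threshold unapproved pushes within window."""
    recent = defaultdict(deque)  # user -> timestamps of denied/timed-out pushes
    alerts = []
    for ts_raw, user, result in sorted(events):  # ISO strings sort by time
        ts = datetime.fromisoformat(ts_raw)
        queue = recent[user]
        # Drop unapproved pushes that fell out of the sliding window.
        while queue and ts - queue[0] > window:
            queue.popleft()
        if result in ("denied", "timeout"):
            queue.append(ts)
        elif result == "approved":
            if len(queue) >= threshold:
                alerts.append({"user": user, "approved_at": ts_raw,
                               "prior_unapproved": len(queue)})
            queue.clear()  # an approval ends the current sequence
    return alerts

if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_EVENTS):
        print(alert)
```

An alert of this kind is a signal to revoke the resulting session and contact the user out of band; the window and threshold need tuning against normal prompt volume.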

Uber: The Lapsus$ Group Has No Access to Users’ Sensitive Information

Uber said that the hackers couldn’t get access to any sensitive information such as user accounts or the database storing information like credit card numbers, bank accounts, or trip details.

Uber said that it is still conducting an investigation into the matter. The ride-hailing firm added that “the attacker accessed several internal systems, and our investigation has focused on determining whether there was any material impact”.

Following the breach, Uber also initiated several corrective measures. For now, it has disabled some of the affected internal tools. Uber also locked its codebase, preventing any further code changes. The company added that it has yet to detect any proof that the attacker injected any malicious code into the database. The company added:

“First and foremost, we’ve not seen that the attacker accessed the production (i.e. public-facing) systems that power our apps; any user accounts; or the databases we use to store sensitive user information, like credit card numbers, user bank account info, or trip history. We also encrypt credit card information and personal health data, offering a further layer of protection. We reviewed our codebase and have not found that the attacker made any changes. We also have not found that the attacker accessed any customer or user data stored by our cloud providers”.

Uber said that it has been in close touch with the FBI and the US Department of Justice on the matter.
