Uber said it believes the Lapsus$ hacking group was behind an attack last week that forced the company to temporarily shut down some internal systems, and said the perpetrators gained access after obtaining an external contractor's account credentials.
The attack is the latest against a major tech company to be linked to Lapsus$, a group described by cybersecurity researchers as a “loosely” organized collective with origins in the UK and Brazil. Members have previously been blamed for embarrassing hacks against Microsoft, Samsung, Nvidia, and Okta.
The gang was also implicated in another high-profile attack this weekend against video game developer Rockstar Games, in which footage from the never-before-seen sequel to the Grand Theft Auto franchise was leaked on a fan forum. Network security researchers noted strong similarities in the attack but said it was too early to confirm a link.
Uber first announced that it had been breached last Thursday night. On Monday, it confirmed that the intruder had obtained “high authority,” granting access to certain internal systems and enterprise software used by employees.
Among them were Uber’s Slack channels, where the attacker sent a message alerting employees to the hack, saying, “I’m reporting that I’m a hacker and Uber has suffered a data breach.” Some employees were redirected to a website containing lewd images.
The San Francisco-based ride-hailing company said its “public interface” system was not affected, adding that the databases the company uses to store “sensitive” user data, such as bank details and trip history, were not breached. Uber said the attacker also did not change the software code underlying its apps and services.
Uber said it was “likely” that a hacker linked to Lapsus$ purchased the contractor’s password on the dark web.
“The attacker then repeatedly attempted to log into the contractor’s Uber account,” the company said. “Each time, the contractor received a request for two-factor login approval, which initially blocked access. However, in the end, the contractor accepted one and the attacker successfully logged in”.
Lapsus$ rose to prominence late last year, said Claire Tills of the cybersecurity group Tenable. London police in March said they had arrested seven people linked to the gang, aged between 16 and 21.
Tills noted that the group has described itself as not “politically motivated or state-sponsored” and is instead driven by a search for notoriety. A Tenable research report published earlier this year said the group was “brazen, unsophisticated and illogical”.
That pattern seemed clear on Sunday, when a user on a Grand Theft Auto fan forum, claiming to be the one who hacked Uber a few days earlier, posted 90 leaked videos and images from Grand Theft Auto 6. A follow-up post suggested that they would “negotiate” with the company to prevent further footage from being released.
Rockstar on Monday confirmed the footage was genuine and that it was the victim of a “cyber intrusion”.
“Our work on the next Grand Theft Auto game will continue as planned, and we remain committed to delivering an experience for you, our players, that truly exceeds your expectations,” the company posted on Twitter.
Shares in Rockstar parent company Take-Two Interactive fell in early trading Monday but recovered later in the day. Shares of Uber have risen slightly over the past week.