Uber believes it has identified the team behind last week’s hack, and the name will sound all too familiar. In an update on the breach, Uber said the perpetrator was linked to Lapsus$, the hacking group that has targeted tech companies including Microsoft, Samsung and T-Mobile. The same intruder may also have been responsible for the leaked Rockstar hack Grand Theft Auto VIsaid Uber.
It’s also clearer how the perpetrator may have accessed Uber’s internal systems. The attacker likely bought the contractor’s credentials on the dark web after they were exposed through a malware-infected computer. Two-factor authentication initially prevented the hacker’s access, but the contractor accepted an authentication request — enough to help the intruder compromise employee accounts and, in turn, abuse corporate apps like Google Workspace and Slack.
As before, Uber emphasized that the hacker did not access any publicly accessible systems or user accounts. The code base also remains untouched. While those responsible have compromised Uber’s bug bounty program, all vulnerability reports involved have been “fixed”. Uber contained the hack by restricting compromised accounts, temporarily disabling tools and resetting access to services. There is also additional monitoring for unusual activity.
The incident update suggests the damage to Uber is relatively limited. However, it also points out that despite arrests, Lapsus$ is still hacking high-profile targets. It also underscores the continued vulnerability of large tech companies to hacks. In this case, one wrong step by a contractor was enough to disrupt Uber’s operations.
All products recommended by Engadget are selected by our editorial team independently from our parent company. Some of our stories contain affiliate links. If you buy something through one of these links, we may receive an affiliate commission. All prices are correct at time of publication.
https://www.engadget.com/uber-hack-targeted-contractor-lapsus-192339707.html?src=rss Uber claims hack came from Lapsus$, the group behind Microsoft and T-Mobile attacks