Uber believes it has identified the team behind last week’s hack, and the name will sound very familiar. in a to update About the breach, Uber said the perpetrator was affiliated with Lapsus$, the hacking group that has targeted tech firms including Microsoft, Samsung and T-Mobile. The same intruder could also have been responsible for the leaked Rockstar hack Grand Theft Auto VIUber said.
It’s also clearer how the culprit could have accessed Uber’s internal systems. The attacker likely purchased the contractor’s login details on the dark web after being exposed via a malware-infected computer. Two-factor authentication initially prevented the hacker from gaining entry, but the contractor accepted an authentication request; that was enough to help the attacker compromise employee accounts and in turn abuse company apps like Google Workspace and Slack.
As before, Uber emphasized that the hacker did not access public systems or user accounts. The base code also remains intact. While Uber’s bug bounty program was compromised by those responsible, all vulnerability reports involved have been “remediated.” Uber contained the attack by limiting compromised accounts, temporarily disabling tools, and restoring access to services. There is also additional monitoring for unusual activity.
The update on the incident suggests that the damage to Uber is relatively limited. However, it also indicates that Lapsus$ is still hacking high-profile targets despite the arrests. It also underscores the continued vulnerability of major tech companies to attack. In this case, one wrong move by a contractor was all it took to disrupt Uber’s operations.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at time of publication.