Uber suffered a data breach last week after an employee’s Slack app, a workplace messaging app, was compromised. The company has now revealed that a hacking group called Lapsus$, which has been increasingly active over the last year or so, was behind the cyberattack. In a blog post, Uber notes that the group typically uses similar techniques to target technology companies, and in 2022 alone, it breached Microsoft, Cisco, Samsung, Nvidia and Okta, among others. A recent report even claimed that the same hacker group breached GTA-creator Rockstar Games’ systems.
When reports about a potential data breach surfaced last week, the scope of the attack was unclear. Uber has now clarified that the attacker accessed several internal systems, and the company is still investigating whether there was any material impact.
However, Uber claims that the attacker did not access “production systems” that power its mobile apps. The company also says that user accounts and the databases it uses to store sensitive user information, such as credit card numbers, user bank account info, or trip history, are safe. Uber says, “We also encrypt credit card information and personal health data, offering a further layer of protection”.
Explaining the method of the attack, Uber confirmed that an Uber EXT contractor’s account was compromised. The attacker seemingly got access to the contractor’s corporate password on the dark web. The attacker then repeatedly tried to log in to the contractor’s Uber account. Each time, the contractor received a two-factor login approval request, which initially blocked access. Eventually, the contractor accepted one, and the attacker successfully logged in.
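The sequence described above, many unapproved two-factor requests followed by one approval, can be flagged from authentication logs. The following is an added example, not code from Uber or from the original article; the log format, the user names, the threshold of five requests and the 30-minute window are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Format is an assumption:
# "<ISO timestamp> <user> <outcome of one two-factor approval request>"
SAMPLE_LOG = """\
2024-01-01T09:00:00 employee2 timeout
2024-01-01T09:00:40 employee2 approved
2024-01-01T18:01:10 contractor1 denied
2024-01-01T18:02:05 contractor1 timeout
2024-01-01T18:03:30 contractor1 denied
2024-01-01T18:05:00 contractor1 denied
2024-01-01T18:07:45 contractor1 timeout
2024-01-01T18:10:20 contractor1 denied
2024-01-01T18:12:40 contractor1 approved
2024-01-01T08:00:00 employee3 denied
2024-01-01T10:00:00 employee3 denied
2024-01-01T12:00:00 employee3 denied
2024-01-01T12:20:00 employee3 approved
"""

def parse(log):
    """Yield (timestamp, user, outcome) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            ts, user, outcome = line.split()
            yield datetime.fromisoformat(ts), user, outcome

def find_push_fatigue(log, threshold=5, window=timedelta(minutes=30)):
    """Return (user, approval_time, unapproved_count) for every approval that
    follows at least `threshold` unapproved requests within `window`."""
    pending = defaultdict(deque)   # user -> times of recent unapproved requests
    alerts = []
    for ts, user, outcome in sorted(parse(log)):
        queue = pending[user]
        while queue and ts - queue[0] > window:   # drop requests outside window
            queue.popleft()
        if outcome == "approved":
            if len(queue) >= threshold:
                alerts.append((user, ts.isoformat(), len(queue)))
            queue.clear()                          # approval ends the burst
        else:
            queue.append(ts)
    return alerts

if __name__ == "__main__":
    for alert in find_push_fatigue(SAMPLE_LOG):
        print("possible approval-request fatigue:", alert)
```

A single mistaken denial followed by an approval, or denials spread over several hours, stay below the threshold and raise no alert.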
Following this, the hacker accessed several other employee accounts, which ultimately gave the attacker elevated permissions to a number of tools, including G-Suite and Slack. As soon as Uber was alerted about the attack, it “disabled many affected or potentially affected internal tools” and “locked down” its “codebase, preventing any new code changes.”
Uber says it is still working with several leading digital forensics firms as part of the investigation. The company adds it will take this opportunity to strengthen technology to mitigate future cybersecurity threats.