The threat actor responsible for hacking Uber last week is likely related to the prolific Lapsus$ group, the firm has claimed.
The ride-hailing giant admitted last Thursday that it was investigating a security incident after reports revealed a malicious actor claiming to be 18 years old had managed to access email and cloud systems, code repositories, an internal Slack account and HackerOne tickets.
In an update yesterday, Uber explained that the attacker targeted an Uber EXT contractor, most likely obtaining their corporate password on the dark web after the credential had been stolen via malware installed on their personal device.
“The attacker then repeatedly tried to log in to the contractor’s Uber account. Each time, the contractor received a two-factor login approval request, which initially blocked access. Eventually, however, the contractor accepted one, and the attacker successfully logged in,” it continued.
“From there, the attacker accessed several other employee accounts which ultimately gave the attacker elevated permissions to a number of tools, including G-Suite and Slack. The attacker then posted a message to a company-wide Slack channel, which many of you saw, and reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites.”
As it stands, Uber said the threat actor didn’t access any user accounts, databases storing personal information, or production systems for its app. The firm also encrypts credit card and health data, it said.
Although Slack messages and an internal invoice management tool were accessed, there are no signs that customer or user data stored in the cloud was compromised, Uber claimed. It added that any HackerOne tickets accessed by the threat actor related to bugs that had already been remediated.
If it is Lapsus$, the breach will be one of many by the group targeting technology companies over recent months. Microsoft, Cisco, Samsung, Nvidia and Okta have all been compromised by Lapsus$. There are reports that the same actor may have breached Rockstar Games over the weekend.
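The login pattern Uber describes, repeated two-factor approval requests that are blocked until the user finally accepts one, can be flagged in MFA logs. The following is an added example, not code from Uber or from the original article; the log format, event names, account names and thresholds are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical format: timestamp, account, result
SAMPLE_EVENTS = """\
2024-01-01T08:15:00Z employee-b push_denied
2024-01-01T08:15:20Z employee-b push_approved
2024-01-01T09:00:00Z employee-c push_denied
2024-01-01T09:30:00Z employee-c push_denied
2024-01-01T10:00:00Z employee-c push_denied
2024-01-01T10:02:00Z employee-c push_approved
2024-01-01T21:01:10Z contractor-a push_denied
2024-01-01T21:01:55Z contractor-a push_timeout
2024-01-01T21:02:40Z contractor-a push_denied
2024-01-01T21:03:30Z contractor-a push_denied
2024-01-01T21:04:05Z contractor-a push_approved
"""

UNAPPROVED = {"push_denied", "push_timeout"}


def parse_events(text):
    """Parse 'timestamp account result' lines, skipping malformed ones."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, parts[1], parts[2]))
    return events


def find_push_fatigue(events, window=timedelta(minutes=10), threshold=3):
    """Return (account, approval_time, unapproved_count) for every approval
    preceded by at least `threshold` denied or timed-out pushes within
    `window`. A single denial followed by an approval is not flagged."""
    recent = defaultdict(deque)  # account -> times of recent unapproved pushes
    alerts = []
    for ts, account, result in sorted(events):
        queue = recent[account]
        while queue and ts - queue[0] > window:
            queue.popleft()  # drop pushes that fell out of the window
        if result in UNAPPROVED:
            queue.append(ts)
        elif result == "push_approved":
            if len(queue) >= threshold:
                alerts.append((account, ts, len(queue)))
            queue.clear()  # a new session starts a fresh count
    return alerts
```

An alert of this kind is a prompt to review the session that followed the approval, since the approval itself is indistinguishable from a legitimate one.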