The hack that affected Uber last week was the work of Lapsus$, the company accused in a blog post on Monday. The South American hacker group has attacked a number of tech giants over the past year, including Microsoft, Samsung and Okta.

Uber said it is in close coordination with the FBI and the US Department of Justice on this matter. Although the attacker gained access to several internal systems, Uber said he does not appear to have infiltrated publicly accessible systems, user accounts or databases storing sensitive information about users, such as their personal data. payment.

Internal messages downloaded

Additionally, Uber adds that it does not appear that the attacker accessed customer or user data stored by its cloud providers. The hacker did download some internal messages, however, as well as information from an internal finance team.

The attacker also accessed Uber’s dashboard on HackerOne, where security researchers report bugs and vulnerabilities. However, all bug reports the attacker was able to access have been fixed, Uber reports.

Announcement of the hack on Slack

On Thursday, the hacking was revealed after a message from the malicious hacker leaked on one of the company’s Slack channels, this online collaborative platform. The attacker then reconfigured Uber’s OpenDNS to display an image to employees on certain internal sites.

The hacker told the New York Times that he had gained access to Uber’s systems through a social engineering scheme. He allegedly texted an Uber employee claiming to be a member of the company’s IT staff, which persuaded the staff member to reveal his password.

Password bought on the dark web

However, Uber clarified on Monday that the hacker gained access using the credentials of a third-party contractor. Additionally, the company believes it’s “likely” that hacker Lapsus$ obtained the contractor’s Uber corporate password by purchasing it on the dark web, after the contractor’s personal device was infected. by malware.

Then, according to Uber, the hacker repeatedly tried to log into the contractor’s Uber account, but was blocked by a two-factor login approval request. However, the contractor ended up accepting one of these requests. Which then opened up the hacker’s access to a number of internal tools, including G-Suite and Slack.



Disclaimer: If you need to update/edit/remove this news or article then please contact our support team Learn more

Tarun Kumar

Tarun Kumar has worked in the News sector for 05 years and is currently the Owner and Editor of Then24. He reside in Delhi, India with his Family.

Leave a Reply