Uber blames notorious extortion gang Lapsus$ for recent data breach

Uber shut down some of its internal software and messaging systems on Thursday, after an attacker infiltrated its network

Margi Murphy | Bloomberg
2 min read Last Updated : Sep 20 2022 | 8:51 AM IST
Uber Technologies Inc. said the hacker responsible for a data breach reported last week is affiliated with a notorious extortion group named Lapsus$, which also targeted technology companies including Microsoft Corp., Cisco Systems Inc., Okta Inc. and Samsung Corp. this year. 
 
Uber shut down some of its internal software and messaging systems on Thursday, after an attacker infiltrated its network and sent employees messages warning that Uber had been hacked. 

“We believe that this attacker (or attackers) are affiliated with a hacking group called Lapsus$, which has been increasingly active over the last year or so,” a company spokesperson said in an announcement Monday. 

Uber also acknowledged unconfirmed reports over the weekend that the same perpetrator had breached video game publisher Rockstar Games, and said it was working with the FBI and the US Department of Justice to investigate its breach. 

Uber said it did not believe the attacker had gotten into its public-facing systems, such as user accounts or databases that store sensitive or financial information. They did not access any customer data stored by its cloud providers including Alphabet Inc.’s Google and Amazon Web Services, it added. 

Uber said it was “likely” that the attacker bought an Uber contractor’s password on the dark web, after that contractor’s personal device had been infected with malware. The attacker managed to hijack the two-factor login approval by inundating the contractor with requests, which they eventually accepted. From there, the intruder was able to get into several employee accounts and had security permissions for Uber’s G-Suite and Slack, among other internal tools. 
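
A defender-side check for the login-approval flooding described above, as an added example that is not part of the original article: it flags any approval that follows a burst of unapproved push prompts for the same user. The event tuples, result values, user names and thresholds are constructed assumptions, not any MFA vendor's log schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of MFA push events: (ISO timestamp, user, result).
# Field layout and result values are assumptions for illustration only.
SAMPLE_EVENTS = [
    ("2024-01-10T01:00:05", "contractor1", "denied"),
    ("2024-01-10T01:00:40", "contractor1", "timeout"),
    ("2024-01-10T01:01:10", "contractor1", "denied"),
    ("2024-01-10T01:02:02", "contractor1", "timeout"),
    ("2024-01-10T01:02:45", "contractor1", "denied"),
    ("2024-01-10T01:03:30", "contractor1", "approved"),  # approval after a burst
    ("2024-01-10T09:00:00", "employee2", "approved"),     # normal single login
    ("2024-01-10T09:30:00", "employee3", "denied"),       # one mistaken tap
    ("2024-01-10T13:00:00", "employee3", "approved"),     # hours later, no burst
]

def find_push_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Return (user, approval_time, unapproved_count) for each approval that
    follows at least `threshold` unapproved pushes inside `window`."""
    recent = defaultdict(deque)  # user -> timestamps of unapproved pushes
    alerts = []
    for ts_text, user, result in sorted(events):  # ISO strings sort by time
        ts = datetime.fromisoformat(ts_text)
        pending = recent[user]
        # Drop unapproved pushes that fell out of the sliding window.
        while pending and ts - pending[0] > window:
            pending.popleft()
        if result == "approved":
            if len(pending) >= threshold:
                alerts.append((user, ts_text, len(pending)))
            pending.clear()  # a new burst starts counting from zero
        else:
            pending.append(ts)
    return alerts

if __name__ == "__main__":
    for user, when, count in find_push_fatigue(SAMPLE_EVENTS):
        print(f"{user}: approval at {when} after {count} unapproved pushes")
```
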

Uber also discovered that the attacker downloaded internal Slack messages and an internal tool the finance team uses to manage some invoices.

All software vulnerability reports the attacker accessed through Uber’s HackerOne dashboard had already been remediated, alleviating concerns that the hacker had access to vulnerabilities in Uber’s code. HackerOne assists with Uber’s bug bounty program, which allows ethical hackers to search for flaws which could lead to breaches in return for payment, or bounty.
