The ride-hailing giant Uber is blaming a group of hackers known as Lapsus$ for the cybersecurity breach the company’s systems suffered days ago while it affirmed that users’ sensitive data was not compromised during the incident.
In a security update published yesterday, the company explained how the incident occurred and which systems were accessed by the hacker.
The company stated that the individual or group responsible for the attack gained entry to Uber’s internal systems by purchasing the credentials of an external contractor from the dark web. The hacker managed to circumvent the contractor’s two-factor authentication and accessed the person’s G-Suite and Slack accounts, allowing for interaction with other employees.
Once Uber (UBER) noticed the breach, the company immediately prompted its employees to change their passwords and it also changed the security keys of many of its internal systems while locking the codebase of its flagship app and other sensitive software to prevent its services from being affected by the unauthorized party.
It appears that the hacker did not gain access to the back-end interface that powers the firm’s app and, hence, was not able to obtain any sensitive data from Uber customers such as their credit card information or address.
The company did acknowledge that the hacker downloaded internal chats from Slack along with data from an internal system that Uber’s finance team uses to handle invoices. The company is analyzing these downloads and the whole incident with the assistance of multiple companies that specialize in digital forensics.
Uber’s Hack Occurred a Day Before the Grand Theft Auto Video Leaks
According to Uber, the Lapsus$ group is a hacking organization that has perpetrated several other breaches that affected large tech companies such as Microsoft (MSFT), Nvidia, and Samsung. They appear to also be responsible for leaking videos of the upcoming Grand Theft Auto VI videogame from Rockstar Games – an incident that occurred only a day after Uber’s systems were breached.
The Rockstar incident involved the leaking of 90 videos and images of the sixth sequel of its popular video game. However, the breach did not compromise the firm’s internal systems or the functioning of its live game services.
The ride-hailing firm is working alongside the Federal Bureau of Investigation (FBI) and the Department of Justice to analyze what happened and possibly identify the people who were behind the breach.
Uber stock experienced a 3.6% drop on the day that the breach was reported by the media followed by another 1.4% drop the day after. The price of the shares of the San Francisco-based tech firm remains unchanged this morning in pre-market action.
What is Lapsus$?
Lapsus$ is an international hacking organization that jumped to the spotlight in 2021 after it managed to steal information from the Health Mistry of Brazil related to the country’s COVID-19 monitoring and control program. The incident resulted in roughly 50TB of data being deleted from the country’s systems.
The group also claimed it gained access to the source codes that power Samsung’s popular Galaxy smartphones and Bing, the search engine owned by Microsoft.
Some members of the group were reportedly arrested by the City of London Police in March this year for collaborating with the group. Its founder is believed to be a 16-year old teenager living in the United Kingdom while other members of the group may also be underage individuals from other corners of the world.
The Lapsus$ group Telegram channel reportedly has over 50,000 subscribers. People join the chat room to gain access to the data dumps the group regularly performs through which they share the data they have obtained when they access their victims’ systems.
Other Related Articles:
- List of Best Tech Stocks to Invest in September 2022
- List of Undervalued Stocks to Invest in September 2022
Tamadoge - The Play to Earn Dogecoin
- '10x - 50x Potential' - CNBC Report
- Deflationary, Low Supply - 2 Billion
- Listed on Bybit, OKX, Bitmart, LBank, MEXC, Uniswap
- Move to Earn, Metaverse Integration on Roadmap
- NFT Doge Pets - Potential for Mass Adoption