Uber Technologies Inc. claimed on Monday that a hacker connected to the Lapsus$ hacking organization was to blame for the cyberattack that momentarily prompted the ride-hailing business to halt some internal communications last week.
Uber said the hacker accessed the account of an EXT contractor after apparently obtaining the contractor's login information from the dark web. Uber stated in a blog post on Monday that malware had probably infected the contractor's personal device, exposing those credentials.
According to Uber, the attacker did not access any user accounts or the systems that hold sensitive user data like credit card or bank account numbers or trip information. Uber claims in its statement that no personal information was accessed and that all services, including Uber, Uber Eats, Uber Freight, and internal tools, are now operational as usual.
"First and foremost, we've not seen that the attacker accessed the production (ie public-facing) systems that power our apps; any user accounts; or the databases we use to store sensitive user information, like credit card numbers, user bank account info or trip history," Uber said. "We also encrypt credit card information and personal health data, offering a further layer of protection."
"The attacker accessed several internal systems, and our investigation has focused on determining whether there was any material impact," Uber said. The business said that it was working closely with the FBI and the U.S. Department of Justice on the issue. The investigation was still going on.
Uber's internal communication system was temporarily down due to a cyberattack on Friday, and staff members were forced to utilize the Slack business messaging software, which is owned by Salesforce.
According to Uber, the hacker gained access to numerous staff accounts and tools like G-Suite and Slack after the contractor, having received multiple two-factor login approval requests, accepted one. The attacker then signed in to the contractor's Uber account.
The hacking organization Lapsus$ has attacked companies like Nvidia, Microsoft Corp., and Okta Inc., a provider of authentication services used by thousands of significant enterprises.
In order to protect internal systems and user data, Uber claims to have reacted to the security breach right away. This includes identifying compromised employee accounts and either denying them access to Uber systems or ordering them to reset their passwords.
The hacker, known as "teapotuberhacker," also allegedly claimed to have leaked an early gameplay video of the eagerly anticipated "Grand Theft Auto VI" game from Take-Two Interactive Software Inc. on Monday.
On the forum, the hacker had written that he wanted to "negotiate a deal" with the game company.