Uber has said the hacking group Lapsus$ was behind a cyber attack last week that forced the company to temporarily shut down some internal systems. The ride-hailing service said that the perpetrators gained access after obtaining an external contractor's account credentials, reported Financial Times.
Uber said the attacker had not accessed any user accounts or the databases that store sensitive user information such as credit card numbers, bank account or trip details, reported Reuters.
"The attacker accessed several internal systems, and our investigation has focused on determining whether there was any material impact," Uber said.
The cyber attack: Friday's cyber attack brought down Uber's internal communication system for a while. The hack forced the company to take several of its internal systems offline, including Slack, Amazon Web Services and Google Cloud Platform, reported The Verge.
Screenshots the hacker shared with security researchers indicate they obtained full access to the cloud-based systems where Uber stores sensitive customer and financial data, reported AP.
How bad was it? Files shared with the researchers and posted widely on Twitter and other social media indicated the hacker was able to access Uber's most crucial internal systems, reported AP. "It was really bad the access he had. It's awful," said Corben Leo, one of the researchers who chatted with the hacker online.
"Let's talk about how they were compromised. The attacker has been quite upfront about how they compromised Uber's corporate infrastructure. Uber appears to use push notification MFA (Duo) for their employees. How can an attacker get around MFA? 2/N" - Bill Demirkapi (@BillDemirkapi), September 16, 2022
Uber said it was in close coordination with the FBI and the US Department of Justice on the matter.
How Uber systems were hacked: Uber said the attacker logged in to a contractor's Uber account after they accepted a two-factor login approval request following multiple requests, giving the hacker access to several employee accounts and tools such as G-Suite and Slack, reported Reuters.
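The login pattern described above, several approval prompts followed by one acceptance, is something defenders can search for in MFA logs. The following Python is an added example, not from the article or from Uber; the log layout, user names and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not from the Uber incident). Assumed layout:
# timestamp,user,result   where result is the outcome of one push prompt.
SAMPLE_LOG = """\
2022-09-15T21:00:05,contractor1,denied
2022-09-15T21:01:10,contractor1,timeout
2022-09-15T21:02:30,contractor1,denied
2022-09-15T21:03:45,contractor1,timeout
2022-09-15T21:05:00,contractor1,approved
2022-09-15T09:00:00,alice,approved
2022-09-15T13:00:00,bob,denied
2022-09-15T13:00:40,bob,approved
"""

def parse(log):
    """Return (datetime, user, result) tuples sorted by time."""
    rows = []
    for line in log.strip().splitlines():
        ts, user, result = line.strip().split(",")
        rows.append((datetime.fromisoformat(ts), user, result))
    return sorted(rows)

def find_push_fatigue(log, min_rejected=3, window=timedelta(minutes=10)):
    """Return alerts where an approval follows >= min_rejected denied or
    timed-out prompts for the same user inside the sliding window."""
    rejected = defaultdict(deque)   # user -> timestamps of recent non-approvals
    alerts = []
    for ts, user, result in parse(log):
        recent = rejected[user]
        while recent and ts - recent[0] > window:
            recent.popleft()        # drop prompts older than the window
        if result == "approved":
            if len(recent) >= min_rejected:
                alerts.append({"user": user, "approved_at": ts.isoformat(),
                               "rejected_before": len(recent)})
            recent.clear()          # counting restarts after an approval
        else:
            recent.append(ts)
    return alerts

if __name__ == "__main__":
    for alert in find_push_fatigue(SAMPLE_LOG):
        print(alert)
```

An alert of this kind is a reason to review the approved session and contact the account holder, since a single mistaken denial before a normal login (the constructed user bob) stays below the threshold.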
Hacking group Lapsus$: Lapsus$ has in the past attacked the systems of big companies such as Nvidia, Microsoft Corp and Okta Inc. Lapsus$ is a group described by cyber security researchers as a "loosely" held collective with roots in the UK and Brazil, reported Financial Times.
The gang was linked to another high-profile attack this weekend on video games developer Rockstar Games, in which footage from the unseen next installment of the Grand Theft Auto series was leaked, reported FT.