Uber provides more information about the most recent hack and blames Lapsus$

Uber has provided additional information regarding the recent data breach, including the circumstances of the incident, the damage it caused, and the identities of those it believes were (primarily) responsible.

An attacker who bought an Uber EXT contractor's login credentials on the dark web was able to gain access to the account after the contractor accepted a two-factor login request from the secondary endpoint, according to a security update published by Uber.

After gaining access to “several other employee accounts” (Uber does not specify how this occurred), the hacker obtained administrative access to Google Workspace and Slack.

Lack of effort and bills

Uber has blamed Lapsus$, a notorious extortion group that has previously breached Microsoft, Cisco, Samsung, Nvidia, and Okta, despite the fact that Lapsus$ has not yet claimed responsibility for the attack.

While the attacker gained access to a number of internal systems, they were unable to compromise the production systems that fuel Uber’s apps, so the company claims the damage was minimal. The database storing personal information about the users was secure, as were their accounts (credit card numbers, bank account info, trip history). The company claims that even if an attacker gained access to sensitive information such as credit card numbers or medical records, it would be useless to them because the information is encrypted.

In addition, the hackers did not alter the Uber codebase in any way. Cloud service providers also did not mess with their users’ and customers’ data. However, data from an invoice management tool and internal Slack conversations have been stolen.

The fact that the attackers accessed Uber’s dashboard at HackerOne has been the primary focus of security researchers and the media since the news of the data breach broke. This is because the dashboard contains information about the company’s vulnerabilities, including those that have not yet been patched.

That would make the network vulnerable to a wide variety of cyberattacks. But Uber claims any vulnerabilities the hackers exploited are now patched.
