Rideshare giant Uber is sharing more details about how it was hacked last week, and who the company thinks was behind it.
According to Uber, the company believes the teen hacking group Lapsus$ was behind the breach. Uber explains in an update that Lapsus$ has been behind a number of hacks over the past year. The group’s targets have included NVIDIA, Samsung, and Microsoft.
Lapsus$’s most recent hack, and perhaps its most high-profile, occurred just this past weekend. On Sunday, footage of video game developer Rockstar Games’ highly anticipated Grand Theft Auto VI leaked on the internet. Around 90 clips showcasing GTA VI gameplay spread online. Rockstar later confirmed that the footage was legitimate. Lapsus$ has since taken credit for the leak.
Along with the information on Lapsus$, Uber also updated a post on its website about the hack with additional details it had uncovered in its investigation.
According to the company, a contractor’s account was compromised, setting off the series of events which saw hackers access Uber’s internal systems. Uber says it believes the contractor’s Uber password was accessed via malware installed on the user’s device and that these credentials were possibly sold on the dark web.
The contractor soon began to receive two-factor authentication login approval requests each time the unauthorized party attempted to sign into their account.
“Eventually, however, the contractor accepted one, and the attacker successfully logged in,” Uber explained.
Once the hacker was able to log in via the contractor’s account, they were able to access other employee accounts, including those with permissions to internal tools like Slack and G-Suite. In the update, Uber confirms the authenticity of the screenshots showing the attacker’s Slack message announcing the hack, which were being passed around on social media last week. The company also confirmed that a “graphic image” was shown to employees when they tried to access internal company web pages after the hacker “reconfigured Uber’s OpenDNS.”
Uber says the hacker was able to access and download internal messages on the company Slack. The hacker was also able to access the company’s HackerOne dashboard where security researchers report bugs.
However, Uber continues to maintain that it has yet to find any evidence that user data was compromised. The company also has yet to find any effects on the public-facing Uber websites or apps.