Uber reveals more on recent hack, says Lapsus$ is to blame

Attackers accessed Uber’s HackerOne platform

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Uber has shared more details onits recent data breach, sharing details on how it happened, what the impact was, and who it thinks was (most likely) to blame.

In asecurity update, Uber said a threat actor purchased an Uber EXT contractor’s login credentials from the dark web, and managed to log into the account after the contractor accepted a two-factor login request from the secondaryendpoint.

From there, the attacker accessed “several other employee accounts” (Uber does not go into details on how this happened), which gave them elevated permissions to a couple of tools, includingGoogleWorkspace and Slack.

Slack and invoices

Slack and invoices

Although the group is yet to take responsibility for the attack, Uber has laid the blame onLapsus$, a known extortion group that’s previously breached the likes ofMicrosoft, Cisco,Samsung,Nvidia, and Okta.

Uber claims that the impact of the attack was limited, as while the attacker accessed several internal systems, they weren’t able to access production systems that power Uber’s apps. User accounts were safe, as well as the database holding sensitive user information (credit card numbers, bank account info, trip history). Even if the attacker managed to access credit card data or personal health data, this data is encrypted, the company says.

Furthermore, the attackers made no changes to Uber’s codebase. Customer and user data stored by cloud providers was not tampered with, either. However, internal Slack messages, as well as data from a tool used to manage invoices, have been taken.

When news of the data breach first broke, security researchers and the media were focused on the fact that the attackers accessed Uber’s dashboard at HackerOne, as that would give them insights into various vulnerabilities the company has, possibly including those that are yet to be fixed.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

IHG data hack was done “for fun”>Uber confesses it covered up a huge data breach>Here’s our rundown of the best antivirus tools around

When news of the data breach first broke, security researchers and the media were focused on the fact that the attackers accessed Uber’s dashboard at HackerOne, as that would give them insights into various vulnerabilities the company has, possibly including those that are yet to be fixed.

That would open the doors for a number of different cyberattacks. However, Uber now says any bug reports the attackers accessed have been fixed.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

HPE reveals critical security bug affecting networking access points

A critical Palo Alto Networks bug is being hit by cyberattacks, so patch now

New Secretlab Skins Lite let you overhaul the look of your chair for under $100