New Delhi: Uber Technologies Inc. said that the hacker behind the data leak discovered last week is a member of the renowned extortion gang Lapsus$, which has attacked big businesses this year, including Microsoft Corp., Cisco Systems Inc., Okta Inc., and Samsung Corp.
After an attacker breached its network and sent messages to employees informing them that Uber had been hacked, Uber shut down parts of its internal software and messaging services on Thursday.
“We believe that this attacker (or attackers) are affiliated with a hacking group called Lapsus$, which has been increasingly active over the last year or so,” a company spokesperson said in an announcement Monday.
Uber also stated it was cooperating with the FBI and the US Department of Justice to conduct an investigation into its breach and accepted unsubstantiated accusations that the same criminal had also compromised the systems of video game producer Rockstar Games over the weekend.
Uber stated that it didn’t think the attacker had gained access to any of its systems that were visible to the general public, like user accounts or databases that house private or confidential data. They didn’t gain access to any customer information kept in its cloud by Alphabet Inc.’s Google or Amazon Web Services, it continued.
According to Uber, it was “probable” that the attacker obtained the password of an Uber contractor from the dark web after infecting the contractor’s personal computer with malware. Through a barrage of requests that the contractor eventually granted, the attacker was able to take over the two-factor login approval. From there, the hacker gained access to many employee accounts and obtained security permissions for Uber’s internal systems, including G-Suite and Slack.
Uber also found that the hacker had downloaded private Slack chats and a tool that the finance team uses internally to track some invoices.
There is no reason to worry that the hacker got access to vulnerabilities in Uber’s code because all software vulnerability reports that they viewed through the HackerOne dashboard had already been fixed. HackerOne supports Uber’s bug bounty programme, which enables ethical hackers to look for vulnerabilities that potentially result in breaches in exchange for compensation, or a reward.
Read More :- Latest Business News
Click Here – Download The News 24 App