Uber believes it has identified the team behind last week’s hack, and the name will sound all too familiar. In an update on the breach, Uber said the perpetrator was affiliated with Lapsus$, the hacking group that has targeted tech firms like Microsoft, Samsung and T-Mobile. The same intruder might also have been responsible for the Rockstar hack that leaked Grand Theft Auto VI, Uber said.
It’s also clearer just how the culprit may have accessed Uber’s internal systems. The attacker likely bought the contractor’s login details on the dark web after they’d been exposed through a malware-infected computer. Two-factor authentication initially prevented the hacker from getting in, but the contractor accepted an authentication request — that was enough to help the invader compromise employee accounts and, in turn, abuse company apps like Google Workspace and Slack.
As before, Uber stressed that the hacker didn’t access public-facing systems or user accounts. The codebase also remains untouched. While those responsible did compromise Uber’s bug bounty program, any vulnerability reports involved have been “remediated.” Uber contained the hack by limiting compromised accounts, temporarily disabling tools and resetting access to services. There’s also extra monitoring for unusual activity.
The incident update suggests the damage to Uber is relatively limited. However, it also indicates that Lapsus$ is still hacking high-profile targets despite arrests. It also underscores major tech companies’ continued vulnerability to hacks. In this case, one wrong move by a contractor was all it took to disrupt Uber’s operations.