Uber Technologies has brought out that, the cyber attack on the company’s internal communication system was carried out by a group associated with Lapsus$. Internal communications services of the company were disrupted for a brief period due tot the attack and the company employees communicated through slack for the period. Screenshots of the security breach are also doing rounds on the micro-blogging site Twitter.
Lapsus$ Group
The Lapsus$ group has been involved in some high-profile cyber-attacks this year. It has carried out attacks on Nvidia, LG, Microsoft and T-Mobile in recent months. Lapsus$ latest attack was on an identity service Okta. Reports point to the involvement of young boys in their teens, behind the recent attacks by the group. The group reportedly asks its subscribers on a telegram channel to vote for the next target for the hack.
Confidential User Data Not Compromised
Uber Technologies has brought that, the group managed to penetrate through, the internal systems of the company. The company clarified that databases containing confidential user information have not been compromised. Uber said that the company is still assessing the impact of the cyber-attack.
The company accepted that the hacker had been successful in downloading data from an internal tool used for invoicing bills and a few messages from the slack app. Uber said that it is currently analyzing the downloads by the hackers.
Help From Other Agencies
Uber Technologies has also said that, besides getting help from federal agencies, the company has reached out to the digital forensics unit.
Explaining the modus-operandi, Uber said that the group barged into the servers after getting the log-in approval, using the account of a contractor. The entry allowed hackers access to user accounts and various tools of the company. Reports bring out that, the personal phone used by the contractor was compromised with malware. Hackers allegedly exploited his device to get the credentials required.
A hacker involved in Uber technologies attack is also reported to be engaged in a negotiation in a deal with Take-two interactive software, after allegedly leaking, footage of the game ‘Grand Theft Auto VI’. The hacker group is yet to comment on the development.
Uber Technologies has said that the company takes the breach as an opportunity to strengthen its security further to prevent attacks later. We will also take this opportunity to continue to strengthen our policies, practices, and technology to further protect Uber against future attacks,” the company said.