'Lapsus$ hackers broke into our internal systems', reveals Uber


New Delhi, Sep 20 (IANS): Ride-hailing major Uber has blamed the infamous Lapsus$ hacking group for the cyber attack on its internal systems last week.

The company reiterated that no customer or user data was compromised during the breach.

"We believe that this attacker (or attackers) are affiliated with a hacking group called Lapsus$, which has been increasingly active over the last year or so," Uber said in an update.

This group typically uses similar techniques to target technology companies, and this year breached Microsoft, Cisco, Samsung, Nvidia and Okta, among others.

"There are also reports that this same actor breached video game maker Rockstar Games. We are in close coordination with the FBI and the US Department of Justice on this matter and will continue to support their efforts," Uber added.

The attacker accessed several internal systems at Uber.

The company said it did not see that the attacker accessed the production (public-facing) systems that power its apps; any user accounts; or the databases it uses to store sensitive user information, like credit card numbers, user bank account info, or trip history.

"We reviewed our codebase and have not found that the attacker made any changes. We also have not found that the attacker accessed any customer or user data stored by our cloud providers," said Uber.

It does appear that the attacker downloaded some internal Slack messages, according to Uber, as well as accessed or downloaded information from an internal tool "our finance team uses to manage some invoices".

"We are currently analysing those downloads".

The attacker was able to access the Uber dashboard at HackerOne, where security researchers report bugs and vulnerabilities.

"However, any bug reports the attacker was able to access have been remediated," Uber added.

Lapsus$ waged a ransomware attack against the Brazilian Ministry of Health in December 2021, compromising the vaccination data of millions.

Earlier this year, the UK Police arrested several members of the group earlier this year, most of them teenagers.

 

  

Top Stories


Leave a Comment

Title: 'Lapsus$ hackers broke into our internal systems', reveals Uber



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.