How Uber Security Was Breached This Month by the Lapsus$ Gang

Uber security was breached this month by the Lapsus$ gang. The American mobility service provider admitted that the attackers accessed many of its internal systems, including the corporate G Suite account, and downloaded internal Slack messages, along with a tool used by its finance department to manage a few invoices.

Uber confirmed in a security update on Monday that the Lapsus$ gang accessed its HackerOne bug bounty dashboard. However, it claimed that any bug reports the attackers accessed have been rectified.

Uber believes that whoever hacked Rockstar Games' confidential Grand Theft Auto 6 data also hacked Uber.

The administrator of a cyber-crime forum speculated that the person behind the Uber intrusion also hacked Rockstar Games and was involved with Lapsus$, another hacking group.

The researchers mentioned in a tweet that Uber has not given any information about the breach and is putting users’ personal information in danger.

The intruders breached Uber’s AWS account, SentinelOne security dashboard, VMware vSphere control panel, and other critical parts of its IT infrastructure. They also got access to private source code repositories, internal documents, and more.

The Washington Post stated in a report that the hackers, aged 18 years, broke into Uber for fun, described the company's security as awful, and threatened to leak some of its source code.

Today Uber said the attacker did not make any changes to the codebase, and there was no evidence of miscreants accessing confidential data or sensitive driver, customer, or other user data.

“The malicious actors have also attempted to hack into our production system, which powers our apps. However, any user accounts or databases we use for storing sensitive data, like credit card numbers and user bank account information or the trips history of users, are not accessible by these bad actors.”

It also repeated its earlier statements suggesting public-facing Uber, Uber Eats, and Uber Freight services remained operational during the incident. 

In yet another security update today, Uber has accepted that an external contractor's login credentials may have been sold on the dark web after the details were siphoned from their “personal device” – PC or phone – via malware.

The bad actors are bombarding users with multi-factor authentication requests until the users, thinking it’s a glitch, hit yes, which lets the attackers log in.
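
One way to spot this prompt-bombing pattern in MFA logs, as an added example that is not from Uber or the original article: it flags a burst of denied or ignored push prompts for one user, and separately flags an approval that ends such a burst. The log format, the result values and the threshold and window settings are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, user, push result.
# The DENIED / TIMEOUT / APPROVED values are an assumed log format.
SAMPLE_LOG = """\
2024-01-01T09:00:00Z bob DENIED
2024-01-01T13:00:00Z bob DENIED
2024-01-01T17:00:00Z bob APPROVED
2024-01-01T21:00:05Z contractor1 TIMEOUT
2024-01-01T21:00:40Z contractor1 DENIED
2024-01-01T21:01:10Z alice DENIED
2024-01-01T21:01:15Z contractor1 DENIED
2024-01-01T21:01:30Z alice APPROVED
2024-01-01T21:02:00Z contractor1 TIMEOUT
2024-01-01T21:02:45Z contractor1 DENIED
2024-01-01T21:03:30Z contractor1 DENIED
2024-01-01T21:04:10Z contractor1 APPROVED
"""

def parse(log):
    """Yield (timestamp, user, result) tuples from whitespace-separated lines."""
    for line in log.strip().splitlines():
        ts, user, result = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result

def detect_push_fatigue(events, threshold=5, window=timedelta(minutes=10)):
    """Flag bursts of unanswered or denied pushes, and approvals that end one.

    threshold and window are hypothetical tuning values, not vendor defaults.
    """
    recent = defaultdict(deque)  # user -> times of recent DENIED/TIMEOUT prompts
    alerts = []
    for ts, user, result in sorted(events):
        prompts = recent[user]
        while prompts and ts - prompts[0] > window:
            prompts.popleft()  # drop prompts that fell out of the window
        if result in ("DENIED", "TIMEOUT"):
            prompts.append(ts)
            if len(prompts) == threshold:  # alert once as the burst crosses it
                alerts.append((user, ts, "burst"))
        elif result == "APPROVED":
            if len(prompts) >= threshold:  # the user finally hit yes
                alerts.append((user, ts, "approved_after_burst"))
            prompts.clear()
    return alerts

if __name__ == "__main__":
    for user, ts, kind in detect_push_fatigue(parse(SAMPLE_LOG)):
        print(f"{ts:%H:%M:%S} {user}: {kind}")
```

A single mistaken denial followed by an approval (alice) and denials spread over hours (bob) raise nothing; only the tight burst for contractor1 does, and the approval that follows it is the event to investigate first.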

Uber has not mentioned any discovery on the network of a PowerShell script containing hardcoded admin account credentials, as claimed by the bad actor last week.

The ride-sharing app has identified and blocked compromised and potentially compromised employee accounts. Affected internal tools have been disabled and access keys to several cloud services have been rotated. Uber has also locked down its codebase and implemented stronger multi-factor authentication policies.

The company is working in coordination with the FBI and US Department of Justice on this matter and will continue to support their efforts.
