Uber has released additional information about how it was hacked, claiming that it was attacked by LAPSUS$, a cybercriminal gang with a considerable history that is believed to be largely composed of teenagers.
Last week, someone broke into Uber’s network and used the access to cause all kinds of chaos. The culprit, who claims to be 18 years old, managed to spam company staff with vulgar Slack messages, post an image of a penis on internal company websites, and leak images from Uber’s internal environment to the web. Now, the ride-sharing giant has released a statement providing details about its ordeal.
Notably, the company has released more information about how it was hacked, largely confirming an account given by the hackers themselves. Uber says the hacker exploited the login credentials of a company contractor to initially gain access to the network. The hacker may have originally bought access to those credentials through the dark web, says Uber. The hacker then used them to make multiple login attempts to the contractor’s account. The login attempts generated a large number of multi-factor authentication requests for the contractor, who eventually authenticated one of them. The hacker has previously claimed to have carried out a social engineering scheme to convince the contractor to authenticate the login attempt.
Security experts have called this an “MFA fatigue” attack. This increasingly common intrusion tactic seeks to overwhelm a victim with authentication push requests until they validate the hacker’s illegitimate login attempt.
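For defenders, the pattern described above (a burst of unanswered or denied push requests followed by a single approval) can be caught in authentication logs. The following is an added example, not code from Uber or from this article; the event fields, the sample log lines, and the window and threshold values are constructed assumptions, not any vendor's schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, user, push result). Hypothetical schema.
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:00", "employee2", "denied"),
    ("2024-01-10T09:00:30", "employee2", "approved"),   # normal retry, no alert
    ("2024-01-10T22:01:05", "contractor1", "timeout"),
    ("2024-01-10T22:01:40", "contractor1", "denied"),
    ("2024-01-10T22:02:10", "contractor1", "timeout"),
    ("2024-01-10T22:03:00", "contractor1", "timeout"),
    ("2024-01-10T22:04:30", "contractor1", "denied"),
    ("2024-01-10T22:05:15", "contractor1", "timeout"),
    ("2024-01-10T22:06:02", "contractor1", "approved"),  # approval after the burst
]

def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Flag users hit by `threshold` or more unapproved pushes inside `window`.

    Returns (user, timestamp, severity, burst_size) tuples. Severity is
    "medium" when the burst reaches the threshold and "high" when an
    approval arrives while the burst is still inside the window.
    """
    recent = defaultdict(deque)  # user -> timestamps of recent unapproved pushes
    alerts = []
    for ts_raw, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        burst = recent[user]
        # Drop pushes that have aged out of the sliding window.
        while burst and ts - burst[0] > window:
            burst.popleft()
        if result == "approved":
            if len(burst) >= threshold:
                alerts.append((user, ts_raw, "high", len(burst)))
            burst.clear()  # a successful login starts a fresh count
        else:
            burst.append(ts)
            if len(burst) == threshold:  # alert once when the burst forms
                alerts.append((user, ts_raw, "medium", len(burst)))
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

The "high" alert is the one worth paging on, since it marks a session that was granted right after the user was flooded with prompts.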
Most interestingly, Uber has also claimed that whoever was behind this hacking episode is affiliated with the “LAPSUS$” cybercrime gang. It’s not entirely clear how Uber knows that. The company statement says:
We believe this attacker(s) are affiliated with a hacker group called Lapsus$, which has been increasingly active over the last year or so… There are also reports over the weekend that this same actor violated the video game manufacturer Rockstar Games. . .
As you may have heard, Rockstar Games was, in fact, hacked this week, in a rather disastrous episode that saw footage of its unreleased title Grand Theft Auto VI leak online in an unfinished state. The hacker behind that breach claims he is the same person behind the Uber hack. Gizmodo reached out to Rockstar Games to ask if it could attribute its own data breach to the LAPSUS$ gang. We will update this story if we receive a response.
LAPSUS$ rose to prominence at the beginning of this year when the gang claimed to have hacked several prominent tech companies, including Microsoft, Cisco, Samsung, Okta, Nvidia, and Ubisoft, among others. The suspected ringleader of the gang, a 16-year-old using the pseudonym “White,” was arrested in March but, due to his age, his identity has not been publicly released. The gang has continued to be active, however, as this recent episode seems to demonstrate.
In its update, Uber also reiterated that it had not seen any evidence to suggest that user data was compromised during the incident:
… we haven’t seen the attacker gain access to the production (i.e., public-facing) systems that power our applications; any user account; or databases we use to store sensitive user information, such as credit card numbers, user bank account information, or travel history. We also encrypt credit card information and personal health data, offering an additional layer of protection.
Let’s hope they’re right about that.