Uber Technologies Inc said on Monday a hacker affiliated with the Lapsus$ hacking group was responsible for a cyber attack that forced the ride-hailing company to shut several internal communications temporarily last week.
Uber's computer network was breached on Thursday leading it to take several internal communications and engineering systems offline, the New York Times reported. There was no indication that Uber’s fleet of vehicles or its operation was in any way affected.
“It seems like they’ve compromised a lot of stuff,” said Sam Curry, an engineer with Yuga Labs who communicated with the hacker. That includes complete access to the Amazon and Google-hosted cloud environments where Uber stores its source code and customer data, he said.
Lapsus$ is a hacking group known for waging a ransomware attack against the Brazilian Ministry of Health in December 2021, compromising the COVID-19 vaccination data of millions within the country. It has also targeted firms including Nvidia, Microsoft Corp and Okta Inc, an authentication services company relied on by thousands of major businesses. According to BBC, the gang gained notoriety in a short space of time thanks to its high-profile targets and active presence on the messaging app Telegram. Its channel has grown to 47,000 subscribers.
The hacker, who goes by the name "teapotuberhacker," also reportedly claimed to leak early gameplay footage of Take-Two Interactive Software Inc's muck-awaited game "Grand Theft Auto VI" on Monday.
The cybersecurity incident had brought down Uber's internal communication system for a while and employees were restricted to use the Salesforce-owned office messaging app Slack.
Uber said the attacker logged in to a contractor's Uber account after they accepted a two-factor login approval request following multiple requests, giving the hacker access to several employee accounts and tools such as G-Suite and Slack.
Curry also said there was no indication that the hacker had done any damage or was interested in anything more than publicity. “My gut feeling is that it seems like they are out to get as much attention as possible.”
The hacker had alerted Curry and other security researchers to the intrusion on Thursday evening by using an internal Uber account to comment on vulnerabilities they had previously identified on the company’s network.
The hacker provided a Telegram account address and Curry and other researchers then engaged them in a separate conversation, sharing screenshots of various pages from Uber’s cloud providers to prove they broke in.
Uber said the attacker had not accessed any user accounts and the databases that store sensitive user information such as credit card numbers, bank accounts or trip details.
"The attacker accessed several internal systems, and our investigation has focused on determining whether there was any material impact," Uber said, adding that the investigation was still ongoing.
The company said it was in close coordination with the FBI and the US Department of Justice on the matter.
(With agency inputs)
First Published: Sept 20, 2022 3:22 PM IST
