The leader of the VTC has indicated that the criminal behind the attacks against his company as well as the leaks of the GTA VI game would be a member of the Lapsus$ group.
Uber has clues to the biggest cyberattack on its business. The VTC group unveiled this September 19 in a press release that he suspected a member of the Lapsus$ hacker group of having stolen the company’s sensitive data. The criminal managed to steal personal identifiers on September 16 from an employee after inundating him with false connection requests.
” From then on, the attacker gained access to several other employee accounts, which eventually gave him permissions for a number of tools, including the Google suite and Slack. ”explained Uber.
The company added that it only found ” no evidence that one could access production systems that store sensitive user information, including personal and financial data, credit card numbers or travel history, for example. »
Leaked vulnerability reports
However, Uber admits that the hacker went to the HackerOne platform, where cyber experts report site and app bugs and vulnerabilities. All bug reports the attacker was able to access have been fixed advances the company.
But the press release does not stop there, since Uber also reveals that the group Lapsus$ would also be responsible for the highly publicized attack against Rockstar Games which unveiled extracts from the highly anticipated GTA VI. ” It was reported over the weekend that the same actor broke into video game maker Rockstar Game. We are working closely with the FBI and US Department of Justice on this case and will continue to support their efforts. says Uber.
To top it off, the malefactor in question is said to be only 18 years old – he himself revealed his latest age while mocking hacked Uber employees on Slack messaging. Gold, British law enforcement arrested in March a group of seven young people, suspected of having attacked Microsoft, Samsung and Nvidia. These operations had been officially claimed by Lapsus$.
Many questions are still unanswered, but Uber is perhaps too reassuring on certain points. It would not be surprising if the malefactor has already put the vulnerability reports on sale, which will be perfectly studied to carry out other attacks.