Uber confirms hack and identifies Lapsus$ hacker as responsible for digital attack

Update (20/09/22) – JB

After a preliminary investigationUber confirmed that a hacker associated with group Lapsus$ is responsible for invading the company’s servers. The incident happened last week and the damage has not yet been disclosed by the company.

According to the transport app, sensitive user data such as credit card numbers, bank accounts or travel details were not exposed. Apparently, the hacker only focused on other areas of the company.

The hacker accessed several internal systems and our investigation focused on determining if there was any material impact.

The company also said it was in coordination with the FBI and the US Department of Justice to expand investigations.

It is worth remembering that the Lapsus$ group has already invaded systems of the Ministry of Health in Brazil and even companies such as Nvidia, Microsoft and Okta.

uber duty


Tech
16 Aug

Uber announces end of Rewards loyalty program in November this year


economy and market
14 Aug

Original text (16/09/22)

Uber investigates alleged hacking carried out by 18-year-old

Uber says it is investigating a “cyber incident” after reports of the company’s internal systems were compromised.

The alleged hacker is an 18-year-old, who claims to have access to the company’s Amazon Web Services and Google Cloud Platform tools. The New York Times says Uber has temporarily disabled several internal services, such as Slack, to investigate the security breach.

uber duty


Tech
16 Aug

Uber announces end of Rewards loyalty program in November this year


economy and market
14 Aug

In a response to a spokesperson for The Verge, Uber declined to answer questions and posted a statement on Twitter. The company says it is investigating the incident and is in contact with authorities, saying it will provide more information soon.

The young man would have entered the company’s internal Slack and revealed himself as a hacker and that the company would have suffered the attack.

The photos circulated on Twitter and new information suggests that he would have accessed confidential company information and posted it with a hashtag saying that Uber underpays its drivers.

The hacker’s Slack message was so absurd that Uber employees thought it was a joke, according to the Washington Post. They responded with emoticons of sirens, popcorn, and even a GIF.

The hacker claimed to the New York Times that he was 18 years old and told The Post he hacked into Uber for fun and intends to leak the company’s source code. Apparently, he would have obtained an employee’s credentials by social engineering, which allowed him to access the company’s VPN, hacking the company’s AWS and G Suites accounts.

An unnamed Uber employee told Yuga Labs security engineer Sam Curry that the team was interacting with the hacker thinking it was a joke by another employee.

Uber

Developer: Uber Technologies, Inc.

Free – offers in-app purchases

Size: Varies by platform

See also

Leave a Comment