Uber Identifies Hacking Group Responsible for Cyberattack

Last Thursday, an unknown cybercriminal gained access to Uber’s computer network by compromising the account of an Uber EXT contractor, possibly after obtaining the contractor’s credentials on the dark web. On Monday, Uber wrote that the contractor’s personal device had likely been infected with malware, which is how the credentials were exposed.
The contractor accepted a verification notification from an unknown source, which Uber said gave the attacker access despite the login protections the company has in place for employee accounts. From there, the attacker gained access to numerous G Suite and Slack accounts, among others.
Uber attributed the attack to the hacking group Lapsus$, which carried out similar attacks in 2022 against Microsoft, Cisco, Samsung, Nvidia, Okta, and others. This past Sunday, Lapsus$ allegedly broke into Rockstar Games and leaked unfinished gameplay footage from Grand Theft Auto VI.
Last week, Uber acknowledged reports that a hacker had posted a message to an internal Slack channel and “reconfigured Uber’s OpenDNS to display a visual picture to employees on several internal sites.”
Uber states in its blog post that no user data was compromised and that all of its services are now operating normally.
“First and foremost, we have not observed evidence the attacker accessed the production (i.e. public-facing) systems that operate our applications; any user accounts; or the databases we use to hold sensitive information like credit card numbers, user bank account info, or trip history,” Uber wrote. The company added that it applies an extra layer of security by encrypting sensitive information such as credit card numbers and medical records.
Uber says it took immediate action in response to the breach to protect its internal systems and user data. This included identifying the compromised employee accounts and either blocking their access to Uber systems or requiring a password reset; disabling several internal tools; resetting access to many internal services; locking down the codebase; requiring employees to re-authenticate when access was restored; and adding internal environment monitoring “to keep an eye on things.”
According to Uber, the company is cooperating closely with the FBI, the US Department of Justice, and “many renowned digital forensics organizations” in the ongoing investigation.
After Thursday’s hack, Uber temporarily disabled several internal communications and engineering systems and told staff to stop using the messaging platform Slack. As of Friday morning, all Uber services, including Uber, Uber Eats, Uber Freight, and Uber Drive, were operational, and Uber was bringing its internal software tools back online.