Uber believes it has identified the team behind last week’s hack, and the name sounds all too familiar. In its latest update on the breach, Uber said the perpetrators were linked to Lapsus$, a hacking group targeting tech companies including Microsoft, Samsung and T-Mobile. The same intruders may also be responsible for the Rockstar hack that leaked Grand Theft Auto VI , Uber said.
The culprit may have accessed Uber’s internal systems. An attacker may have purchased the contractor’s login details on the dark web after exposing them through a malware-infected computer. Two-factor authentication initially prevented hackers from getting in, but contractors accepted authentication requests — enough to help intruders compromise employee accounts and abuse corporate apps like Google Workspace and Slack.
As before, Uber stressed that the hackers did not gain access to public-facing systems or user accounts. The codebase also remains the same. While it is true that those responsible broke Uber’s bug bounty program, any bug reports involved have been “fixed.” Uber reined in hacking attacks by restricting compromised accounts, temporarily disabling tools, and resetting access to the service. There is additional monitoring for unusual activity.
Incident update indicates relatively limited damage to Uber. However, it also shows that despite the arrest, Lapsus$ is still attacking high-profile targets. It also highlights the continued vulnerability of major tech companies to hacking attacks. In this case, one wrong move by a contractor disrupted Uber’s operations.
All products recommended by Engadget are selected by our editorial team independently of our parent company. Some of our stories include affiliate links. We may receive an affiliate commission if you purchase through one of these links. All prices are correct at the time of publication.