Uber Hack: A few days ago, Uber suffered a cyberattack that resulted in the disclosure of sensitive data such as screenshots of the company’s internal systems, email dashboards, and Slack servers used for internal employee communications. Fortunately for Uber, the attacker did not access the company’s production environment, user accounts, or the databases where it stores sensitive information.
In an update, Uber said it didn’t find evidence that its code base, user data, and information were manipulated, altered, or deleted. However, the attacker did manage to gain access to the company’s internal system where vulnerability reports were stored, to the finance team’s tool for managing invoices, and to the Slack platform used by staff to communicate with each other.
“Any bug reports the attacker was able to access have been remediated,” the company said in the update.
At first, the alleged attacker was said to be an 18-year-old who managed to gain access to Uber’s internal systems through social engineering aimed at Uber’s employees. According to investigations, the attacker took over a contractor’s account, most likely after purchasing that individual’s corporate password on the dark web. It appears that the victim’s personal device had been infected with malware, which exposed their credentials and leaked them onto the dark web. The threat actor then initiated a multifactor authentication fatigue attack, repeatedly trying to log in to the contractor’s Uber account, with each attempt prompting a two-factor authentication request. According to Uber, the contractor eventually accepted one of those requests, which allowed the threat actor to log in successfully.
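The pattern described above, a run of rejected or ignored push prompts that ends in one approval, can be detected in authentication logs. The following is an added example, not code from Uber or from any MFA vendor; the event layout, outcome names, user names, timestamps and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data: one row per MFA push prompt outcome.
# The field layout and outcome names are assumptions, not a vendor log format.
SAMPLE_EVENTS = [
    ("2022-01-01T09:00:00", "alice", "approved"),        # normal login
    ("2022-01-01T23:40:05", "contractor1", "denied"),
    ("2022-01-01T23:41:10", "contractor1", "timeout"),
    ("2022-01-01T23:42:30", "contractor1", "denied"),
    ("2022-01-01T23:43:02", "contractor1", "timeout"),
    ("2022-01-01T23:44:45", "contractor1", "denied"),
    ("2022-01-01T23:46:20", "contractor1", "approved"),  # accepted after a burst
    ("2022-01-02T08:00:00", "bob", "denied"),            # single mis-tap
    ("2022-01-02T08:00:40", "bob", "approved"),
]


def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=4):
    """Return (user, approval_time, rejected_count) for every approval that
    follows at least `threshold` denied or timed-out prompts inside `window`."""
    recent = defaultdict(deque)  # user -> timestamps of recent unapproved prompts
    alerts = []
    for ts, user, outcome in sorted(events):
        when = datetime.fromisoformat(ts)
        failures = recent[user]
        # Drop prompts that have fallen out of the sliding window.
        while failures and when - failures[0] > window:
            failures.popleft()
        if outcome in ("denied", "timeout"):
            failures.append(when)
        elif outcome == "approved":
            if len(failures) >= threshold:
                alerts.append((user, ts, len(failures)))
            failures.clear()  # a successful login resets the streak
    return alerts


if __name__ == "__main__":
    for user, ts, count in detect_push_fatigue(SAMPLE_EVENTS):
        print(f"{ts} {user}: approval after {count} rejected prompts")
```

An alert of this kind is a signal to revoke the new session and contact the account owner out of band, since the approval may not reflect the user’s intent.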
The attacker also posted messages on the Slack platform, which was now breached, and stated to other employees that Uber had been hacked. At first, these statements were taken as a joke between employees, but it was later realized that they were dealing with a real threat.
Since last week, however, Uber has changed its statement, and it is now believed that Lapsus$ is behind the attack. Lapsus$ is the extortion group responsible for attacks this year on Cisco, Nvidia, Microsoft, Okta, Samsung, and, reportedly, Rockstar Games over the weekend.
Uber said it is closely coordinating recovery and response efforts with the FBI and the Department of Justice. It has since confirmed the attack, tweeting that it is in touch with law enforcement and will post additional information as it becomes available.
“We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available,” tweeted the Uber Communications account.
In an additional update, Uber posted that although the investigation is still ongoing, its other platforms are up and running without any damage.
“We have no evidence that the incident involved access to sensitive user data … All of our services including Uber, Uber Eats, Uber Freight, and the Uber Driver app are operational… As we shared yesterday, we have notified law enforcement… Internal software tools that we took down as a precaution yesterday are coming back online this morning.” These are some of the statements posted by Uber executives online.