As investigations progress, extra details about the hacker intrusion into the corporate’s inside methods Uber are revealed. Final Monday (19), the ride-sharing companies firm gave extra particulars about how the assault came about and indicated the principle suspect: the cybercriminal group. lapse $.
Uber attributes assault to the identical hacker from GTA VI
In an replace publish About what occurred, Uber defined how the assault came about: in brief, an organization contractor had his credentials uncovered after his system was contaminated by malware. Subsequently, the company entry password is believed to have been bought on the darkish net.
It isn’t recognized whether it is a number of attackers, however the suspicion is that the client (and actor of the invasion) is affiliated with the Lapsus$ hacker group. That is as a result of the group used comparable strategies to invade methods from Microsoft, Cisco, Samsung, Nvidia, Okta, amongst different firms.
There are even experiences that the cybercriminal is similar one who leaked particulars of GTA VI final weekend.
“i’m seeking to negotiate a deal”
GTA VI leaker says they’ve woken as much as 1000’s of messages and are calling on individuals from Rockstar/Take Two to contact them. pic.twitter.com/cnPs57NAt7
— Stephen Totilo (@stephentotilo) September 18, 2022
With the credential in hand, the attacker repeatedly tried to entry Uber’s inside methods till he succeeded. Since then, different worker accounts have been breached and given the cybercriminal elevated permissions to a number of instruments — together with G-Suite and Slack.
Of the evils, the least
It might be troublesome to see something constructive in a hacker invasion. However the excellent news — or much less worse information — is that Uber’s investigations discovered that customers’ confidential data, bank card numbers, checking account data and journey historical past weren’t accessed by third events.
Buyer information saved on cloud suppliers reportedly emerged unscathed from the hack. The corporate’s codebase was additionally reviewed and no adjustments made by the attacker have been discovered.
Lastly, Uber reveals that the hacker might have accessed a doc with bugs and vulnerabilities from the corporate, however claims that every one safety flaws have already been fastened.
The corporate additionally reinforces that it’s going to proceed to collaborate carefully with the FBI, US Division of Justice and leaders in digital forensics for deeper investigations into what occurred.