Uber fell target to an interior hack final 7 days and now the rideshare firm is releasing info on who was at the rear of it.
In surprise news, the offender was allegedly an 18-calendar year-aged hacker who was ready to get into Uber’s inside units (like G-suite and Slack) hence putting the company by way of a information breach.
The anonymous hacker arrived forward to the New York Instances and told the outlet that he pretended to be an IT worker for Uber and sent an Uber worker a textual content message asking for his password which gave him obtain to the inner units.
“An Uber EXT contractor had their account compromised by an attacker,” Uber reported in a web site write-up yesterday. “The attacker then regularly experimented with to log in to the contractor’s Uber account. Every single time, the contractor gained a two-variable login acceptance ask for, which at first blocked accessibility. Ultimately, on the other hand, the contractor accepted one particular, and the attacker productively logged in.”
Uber discussed that they feel the hacker (or hackers) are section of the team Lapsus$ — centered on the tactics they utilised to get into Uber’s techniques — and are also responsible for hacks before this yr at Microsoft, Samsung, and Cisco.
They are also believed to be at the rear of the new leak at Rockstar Online games the place footage from the newest iteration of the online video sport Connect with of Duty was compromised this 7 days.
The organization recognized it experienced been compromised immediately after the teenager posted a information to the enterprise-wide slack channel.
— Colton (@ColtonSeal) September 16, 2022
When applying Slack, workers were reportedly redirected to a pornographic picture with subtext using expletives, per sources on Twitter.
“We’re performing with various major electronic forensics companies as element of the investigation. We will also acquire this possibility to go on to strengthen our policies, techniques, and technology to further defend Uber from long term assaults,” Uber mentioned.
The business preserved that none of its buyer-experiencing solutions like Uber and Uber Eats experienced any compromised details, while the services have been briefly impacted soon after inside instruments had to be taken down on account of the hack.
Uber has had a tough go of it the past pair of years, right after a extraordinary exit by former CEO Travis Kalanick in 2017 brought to light allegations of sexual harassment and discrimination at the organization.
The company also faced a individual leak previously this summer when files surfaced to the community showcasing questionable inner techniques and firm culture.
Uber was down just shy of 21% calendar year more than calendar year as of Tuesday afternoon.