Uber Names Hacking Group Responsible for Cyberattack


Uber’s computer network was breached by a cyberattacker last Thursday, who Uber now says hacked into the account of an EXT contractor after likely purchasing the employee’s credentials from the dark web. In a blog post Monday, Uber said it is likely the contractor’s personal device had been infected with malware, leading to those credentials becoming exposed.

Though Uber has online safety precautions in place for employee logins, the contractor unknowingly accepted a verification notification that ultimately granted the attacker access, the ride-share company said. From there, the attacker accessed several employee accounts and tools such as G-Suite and Slack. 

Uber laid the blame on hacking group Lapsus$, which has used similar attacks to breach Microsoft, Cisco, Samsung, Nvidia, Okta and others in 2022. Lapsus$ was most recently reported to have been responsible for breaching Rockstar Games last Sunday and leaking early gameplay footage of Grand Theft Auto VI.

Uber also confirmed a report last week that the hacker sent a message to a company-wide Slack channel and “reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites.” 

In its post, Uber says no personal data was compromised and services — including Uber, Uber Eats, Uber Freight services and internal tools — are back to normal and running smoothly. 

“First and foremost, we’ve not seen that the attacker accessed the production (ie public-facing) systems that power our apps; any user accounts; or the databases we use to store sensitive user information, like credit card numbers, user bank account info or trip history,” Uber said. “We also encrypt credit card information and personal health data, offering a further layer of protection.”

Uber says it immediately worked to respond to the security breach to protect internal systems and user data, including identifying employee accounts that were compromised and either blocking their access to Uber systems or requiring a password reset; disabling several internal tools; resetting access to many internal services; locking down the codebase; requiring employees to re-authenticate when access was restored; and adding internal environment monitoring “to keep an even closer eye on any further suspicious activity.”

Uber said it is closely working with the FBI, the US Department of Justice and “several leading digital forensics firms” on the ongoing investigation.

The attack on Thursday led Uber to temporarily take down several internal communications and engineering systems, and it instructed employees not to use Slack. By Friday morning, Uber, Uber Eats, Uber Freight and Uber Drive were all up and running, and Uber was bringing back online its internal software tools.

Related Posts

Apple-AT&T Identity Thieves Sentenced to 4 Years in Prison

Two men were sentenced to 52 months in prison after pleading guilty to running a scheme where they fraudulently accessed more than 2,000 AT&T mobile accounts that…

Airlines May Finally Have to Refund You if Their Wi-Fi Doesn’t Work

The US Department of Transportation has proposed a new rule that would see flight passengers finally able to get refunds for services they paid for but didn’t…

ExpressVPN’s First VPN Router Aims for Smart Home-Wide Privacy

Virtual private network provider ExpressVPN announced the launch of its first router with a built-in VPN. On Thursday, the British Virgin Islands company said the Wi-Fi 6…

Don’t Miss Out on Windows 11’s 2022 Update. How to Download

The first big upgrade for Microsoft Windows 11 is here. Arriving just a couple weeks before the operating system’s first anniversary, the update enhances Windows 11 security features,…

Make Your iPhone 14 Pro’s Always-On Display Better With This Simple Trick

This story is part of Focal Point iPhone 2022, CNET’s collection of news, tips and advice around Apple’s most popular product. Sorry, but I don’t think Apple’s…

How to Fix the Most Annoying iOS 16 Features on Your iPhone

This story is part of Focal Point iPhone 2022, CNET’s collection of news, tips and advice around Apple’s most popular product. Apple released iOS 16 for the iPhone only a couple…