
Uber Says It Was Likely Hacked by Teenage Hacker Gang LAPSUS$


Uber has revealed further details about how it was hacked, claiming that it was targeted by LAPSUS$, a cybercriminal gang with a hefty track record that’s believed to be composed largely of teenagers.

Last week, somebody broke into Uber’s network and used the access to cause all kinds of chaos. The culprit, who claims to be 18 years old, managed to spam company staff with vulgar Slack messages, post a picture of a penis on the company’s internal websites, and leak images of Uber’s internal environment to the web. Now, the ride-share giant has released a statement providing details on its ordeal.

Specifically, the company has released more information about how it was hacked, largely confirming an account given by the hacker themself. Uber says that the hacker exploited the login credentials of a company contractor to initially gain access to the network. The hacker may have originally bought access to those credentials via the dark web, Uber says. The hacker then used them to make multiple login attempts to the contractor’s account. The login attempts prompted a slew of multi-factor authentication requests for the contractor, who ultimately authenticated one of them. The hacker has previously claimed that it carried out a social engineering scheme to convince the contractor to authenticate the login attempt.

Security experts have called this an “MFA fatigue” attack. This increasingly common intrusion tactic seeks to overwhelm a victim with authentication push requests until they validate the hacker’s illegitimate login attempt.
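Added example (not part of the original article or Uber's statement): a minimal detection for the pattern described above, flagging a user who receives a burst of rejected or ignored push prompts and then approves one. The log format, field names, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA log (timestamp, user, factor, result); not real incident data.
SAMPLE_LOG = """\
2022-09-15T01:02:10Z contractor7 push DENIED
2022-09-15T01:03:05Z contractor7 push TIMEOUT
2022-09-15T01:04:00Z contractor7 push DENIED
2022-09-15T01:05:30Z contractor7 push TIMEOUT
2022-09-15T01:06:15Z contractor7 push DENIED
2022-09-15T01:07:40Z contractor7 push TIMEOUT
2022-09-15T01:08:55Z contractor7 push APPROVED
2022-09-15T09:00:00Z alice push TIMEOUT
2022-09-15T09:00:40Z alice push APPROVED
2022-09-15T10:00:00Z bob push DENIED
2022-09-15T10:30:00Z bob push DENIED
2022-09-15T11:00:00Z bob push DENIED
2022-09-15T11:30:00Z bob push DENIED
2022-09-15T12:00:00Z bob push DENIED
"""

def parse(line):
    ts, user, factor, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, factor, result

def detect_push_fatigue(lines, window=timedelta(minutes=10), threshold=5):
    """Return (user, kind, timestamp, prompt_count) findings.

    kind is "burst" when a user hits `threshold` rejected/ignored pushes inside
    `window`, and "approved_after_burst" when an approval follows such a burst.
    """
    recent = defaultdict(deque)  # user -> timestamps of rejected/ignored pushes
    findings = []
    for ts, user, factor, result in sorted(parse(l) for l in lines if l.strip()):
        if factor != "push":
            continue
        q = recent[user]
        while q and ts - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if result in ("DENIED", "TIMEOUT"):
            q.append(ts)
            if len(q) == threshold:  # alert once, while the burst is in progress
                findings.append((user, "burst", ts, len(q)))
        elif result == "APPROVED":
            if len(q) >= threshold:  # approval right after a burst: likely fatigue
                findings.append((user, "approved_after_burst", ts, len(q)))
            q.clear()
    return findings
```

A single retry before approval (alice) and denials spread over hours (bob) stay below the threshold; only the tight burst followed by an approval is reported.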

Most interestingly, Uber has also claimed that whoever was behind this hacking episode is affiliated with the cybercrime gang “LAPSUS$.” It’s not entirely clear how Uber knows that. The company’s statement reads:

We believe that this attacker (or attackers) are affiliated with a hacking group called Lapsus$, which has been increasingly active over the last year or so…There are also reports over the weekend that this same actor breached video game maker Rockstar Games.

As you may have heard, Rockstar Games was, indeed, hacked this week, in a fairly disastrous episode that saw footage of its unreleased title Grand Theft Auto VI leaked online in a pretty unfinished state. The hacker behind that breach is claiming that they’re the same person behind the Uber hack. Gizmodo reached out to Rockstar Games to ask whether it would attribute its own data breach to the LAPSUS$ gang. We’ll update this story if we hear back.

LAPSUS$ rose to prominence earlier this year when the gang claimed to have hacked a number of prominent tech companies, including Microsoft, Cisco, Samsung, Okta, Nvidia, and Ubisoft, among others. The alleged ringleader of the gang, a 16-year-old who went by the pseudonym “White,” was arrested in March but, due to his age, his identity has not been publicly revealed. The gang has continued to be active, however, as this most recent episode seems to demonstrate.

In its update, Uber also reiterated that it had not seen any evidence to suggest that user data was compromised during the incident:

…we’ve not seen that the attacker accessed the production (i.e. public-facing) systems that power our apps; any user accounts; or the databases we use to store sensitive user information, like credit card numbers, user bank account info, or trip history. We also encrypt credit card information and personal health data, offering a further layer of protection.

Let’s hope they’re right about that.
