Uber Names Culprit Responsible For Its Massive Data Breach

Uber says it believes Lapsus$ is responsible for the hack it suffered last week and that it has found no evidence that any driver or rider accounts have been compromised at this time.

By Kristi Eckert | Published

Last week Uber admitted to suffering a hack of unknown scale or severity. Uber announced that it had launched an investigation into the cause and culprit behind the data breach. The company recently made more details publicly available, highlighting that it believes notorious cybercriminal group Lapsus$ is responsible for the attack. 

Uber has asserted that at this time it has no reason to believe that any driver or rider accounts have been compromised as a result of the hacker's activity. That said, it did find evidence that many of its internal systems were accessed. These systems include Slack, Amazon Web Services, and Google Cloud Platform, according to The Verge.

Employees familiar with the matter had previously come forward to say that the hacker accessed the company’s internal systems via Slack. Those employees believed that the cybercriminal was posing as an Uber IT employee. It turns out that those employees were correct in their beliefs. 

Uber relayed that its investigation revealed that the hacker likely purchased an IT employee's credentials on the dark web. Once the suspected hacker had these details, they were able to bypass two-factor authentication by bombarding the individual's account with password reset requests. Eventually, the compromised Uber employee took the bait.
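The pattern described above, a flood of second-factor requests against one account until the user finally approves one, leaves a distinctive trace in an identity provider's logs, and it is also something an identity team can cap at the source. The following is an added example written for this article, not Uber's code and not anything the article or its sources published; the log format, the field names, the thresholds and the sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, user, event, result.
# "alice" receives a burst of prompts and denies them until she approves one;
# "bob" receives a single prompt and approves it normally.
SAMPLE_LOG = """\
2022-09-15T22:01:03Z alice mfa_push sent
2022-09-15T22:01:09Z alice mfa_push denied
2022-09-15T22:01:40Z bob mfa_push sent
2022-09-15T22:01:45Z bob mfa_push approved
2022-09-15T22:02:10Z alice mfa_push sent
2022-09-15T22:02:15Z alice mfa_push denied
2022-09-15T22:03:00Z alice mfa_push sent
2022-09-15T22:03:20Z alice mfa_push sent
2022-09-15T22:03:25Z alice mfa_push denied
2022-09-15T22:04:00Z alice mfa_push sent
2022-09-15T22:04:30Z alice mfa_push sent
2022-09-15T22:05:00Z alice mfa_push sent
2022-09-15T22:05:12Z alice mfa_push approved
"""

WINDOW = timedelta(minutes=10)   # assumed sliding window
PROMPT_THRESHOLD = 5             # assumed number of prompts that counts as a flood


def parse_ts(text):
    """Parse the constructed ISO-8601 UTC timestamp used in SAMPLE_LOG."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def parse_line(line):
    ts, user, event, result = line.split()
    return parse_ts(ts), user, event, result


def detect_prompt_bombing(lines, window=WINDOW, threshold=PROMPT_THRESHOLD):
    """Scan log lines in order and return alerts as dicts.

    An alert with approved_after_flood=False fires once per user when the
    number of prompts sent inside the window reaches the threshold.  An alert
    with approved_after_flood=True fires if that user later approves a prompt,
    which is the high-severity signal: the flood worked.
    """
    recent = defaultdict(deque)  # user -> timestamps of prompts sent in window
    flooded = set()              # users already past the threshold
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, user, event, result = parse_line(line)
        if event != "mfa_push":
            continue
        q = recent[user]
        if result == "sent":
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold and user not in flooded:
                flooded.add(user)
                alerts.append({"user": user, "prompts": len(q),
                               "approved_after_flood": False})
        elif result == "approved" and user in flooded:
            alerts.append({"user": user, "prompts": len(q),
                           "approved_after_flood": True})
    return alerts


class PromptRateLimiter:
    """Preventive control: refuse to send more than max_prompts per window.

    Capping how many prompts a single account can receive removes the
    attacker's ability to wear the user down; the user sees a few prompts,
    not dozens, and the excess attempts become a log event instead.
    """

    def __init__(self, max_prompts=3, window=WINDOW):
        self.max_prompts = max_prompts
        self.window = window
        self.sent = defaultdict(deque)

    def allow(self, user, ts):
        """Return True and record the prompt if the cap is not yet reached."""
        q = self.sent[user]
        while q and ts - q[0] > self.window:
            q.popleft()
        if len(q) >= self.max_prompts:
            return False
        q.append(ts)
        return True


if __name__ == "__main__":
    for alert in detect_prompt_bombing(SAMPLE_LOG.splitlines()):
        print(alert)
```

Run against the constructed log, the detector raises a flood alert for alice at the fifth prompt and a second, higher-severity alert when she approves the seventh; bob generates nothing. The rate limiter is the matching preventive control: with a cap of three prompts per ten minutes, the fourth request for the same account is refused until the window has passed.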

With access through the employee's account, the hacker then proceeded to infiltrate Uber's internal systems. In a demonstration of social engineering, the cybercriminal convinced other Uber employees via Slack to hand over their account credentials. Some individuals did, believing that they were giving access to an IT employee.


With the additional credentials in their possession, the hacker proceeded to infiltrate Amazon Web Services and Google Cloud Platform. It was also determined that the individual(s) responsible downloaded Slack conversations and financial invoices. Once they had seemingly accomplished what they set out to do, the hacker informed employees that the company had suffered a hack.

The cybercriminal lit up all the systems that they had gained access to with a message. “I announce I am a hacker and Uber has suffered a data breach,” read the message to employees. As of now, Uber said that it’s in the process of “analyzing the downloads” and is working with both the FBI and the Justice Department to uncover the full extent of what was taken.

Additionally, Uber said that it would be using this incident as an opportunity to revisit and strengthen all of its security policies. Interestingly, this is not the first time that Uber has suffered such a massive hemorrhage of data: back in 2016 the company suffered a hack that it hid from the public for an extended period of time. Given its past track record, it is certainly a wise idea for Uber to delve deeper into potential vulnerabilities, especially since the latest hack was somewhat of a repeat occurrence.

If Uber is correct in its belief that the Lapsus$ group was responsible for the attack, it joins a long list of high-profile companies that the cybercrime group has been able to gain access to. In addition to Uber, Lapsus$ successfully breached companies like Microsoft, Samsung, and Nvidia. What's more, every person who has been arrested in connection with prior Lapsus$ hacks has been a teenager.