Uber blames hacking group Lapsus$ for breach, says contractor's password was sold on dark web
The cybercrime group has been accused of hacking several other tech companies, most recently leaking early gameplay footage of 'Grand Theft Auto VI'
Uber pinned the blame for last week's cybersecurity breach on the cybercrime group Lapsus$, which has been responsible for hacks of several other technology companies this year.
The hacker allegedly purchased the Uber corporate password of a contractor off the dark web and used those credentials to log in to the company's internal systems.
"From there, the attacker accessed several other employee accounts which ultimately gave the attacker elevated permissions to a number of tools, including G-Suite and Slack," Uber said Monday.
Before Uber took down its internal communications, the hacker sent a Slack message to employees that read: "I announce I am a hacker and Uber has suffered a data breach."
T-MOBILE HACKER WHO STOLE DATA ON 50 MILLION CUSTOMERS: ‘THEIR SECURITY IS AWFUL’
Uber said that the hacker did not access any private information of customers, such as user accounts, bank account info, or ride history.
Ticker | Security | Last | Change | Change % |
---|---|---|---|---|
UBER | UBER TECHNOLOGIES INC. | 74.28 | +1.34 | +1.84% |
CLICK HERE TO READ MORE ON FOX BUSINESS
The same hacker also claimed responsibility for the leak of early gameplay footage of the game "Grand Theft Auto VI" on Sunday.
Lapsus$ has also hacked Microsoft, Nvidia, Samsung, Ubisoft, Brazil's Ministry of Health, and others.