Uber blames hacking group Lapsus$ for breach, says contractor's password was sold on dark web

close

video

Cybersecurity the 'trade of the decade': Basenese

Wheelhouse CIO Ann Berry and Disruptive Tech Research president Lou Basenese reveal the best cybersecurity stocks to buy on 'Making Money.'

Uber pinned the blame for last week's cybersecurity breach on the cybercrime group Lapsus$, which has been responsible for hacks of several other technology companies this year. 

The hacker allegedly purchased the Uber corporate password of a contractor off the dark web and used those credentials to log in to the company's internal systems. 

"From there, the attacker accessed several other employee accounts which ultimately gave the attacker elevated permissions to a number of tools, including G-Suite and Slack," Uber said Monday. 

Image 1 of 2

Signage outside the Uber Technologies headquarters in San Francisco, California, U.S., on Tuesday, Feb. 8, 2022.  | Getty Images

Before Uber took down its internal communications, the hacker sent a Slack message to employees that read: "I announce I am a hacker and Uber has suffered a data breach." 

T-MOBILE HACKER WHO STOLE DATA ON 50 MILLION CUSTOMERS: ‘THEIR SECURITY IS AWFUL’

Uber said that the hacker did not access any private information of customers, such as user accounts, bank account info, or ride history. 

A person dressed as an internet hacker is seen with binary code displayed on a laptop screen in this double exposure illustration photo. ( Jakub Porzycki/NurPhoto via Getty Images / Getty Images)

CLICK HERE TO READ MORE ON FOX BUSINESS

The same hacker also claimed responsibility for the leak of early gameplay footage of the game "Grand Theft Auto VI" on Sunday. 

Lapsus$ has also hacked Microsoft, Nvidia, Samsung, Ubisoft, Brazil's Ministry of Health, and others.