Uber breach stemmed from contractor, Lapsus$ hackers suspected

Upcoming News

Uber Technologies Inc.

on Monday supplied further main points in reference to ultimate weekā€™s safety breach.

The ride-hailing corporate mentioned an EXT contractor had their account compromised by way of an attacker, in keeping with a regulatory submitting. The corporate mentioned it’s most likely the attacker bought the contractorā€™s Uber company password at the darkish internet after their private tool have been inflamed with malware. The contractor approved a two-factor login approval request after repeated requests from the attacker, leading to a a hit login.

The San Francisco-based corporate mentioned it believes the attacker or attackers are affiliated with hacking workforce Lapsus$. The corporateā€™s investigation continues to be ongoing.

Uber mentioned it hasnā€™t noticed that the attacker accessed its manufacturing techniques that energy its apps, any person accounts or databases it makes use of to retailer delicate person knowledge. The corporate added that it reviewed its codebase and hasnā€™t discovered that the attacker made any adjustments. Uber additionally mentioned it hasnā€™t discovered that the attacker accessed any buyer or person information saved by way of its cloud suppliers.

The attacker downloaded some inner Slack messages, in addition to accessed or downloaded knowledge from an inner instrument its finance group makes use of to regulate some invoices, Uber mentioned, including that it’s recently examining the downloads. The attacker was once ready to get right of entry to its dashboard at HackerOne, however any trojan horse reviews the attacker was once ready to get right of entry to were remediated, Uber mentioned.

Upcoming News
Credited By:

Leave a Comment