Uber believes Lapsus$-affiliated hacker caused breach

Ridesharing firm Uber has accused the hacking group Lapsus$ of being responsible for a breach that impacted a number of internal systems.

When Uber discovered the breach, the firm took its Slack messaging platform offline and shut down access to internal communications and engineering systems.

According to New York Times reporting, the hacker said he managed to breach the system after using a social engineering hack by sending a fraudulent text message to an Uber employee, who then revealed their password.

After the password had been taken, the hacker gained access to everything from the internal VPN, corporate network and discovered privileged credentials that unlocked access to vital systems including production systems and the Slack management interface.

An Uber spokesperson said that existing security monitoring processes enabled their teams to quickly identify the issue and attempt to solve it. “Our top priorities were to make sure the attacker no longer had access to our systems; to ensure user data was secure and that Uber services were not affected; and then to investigate the scope and impact of the incident,” they said.

This isn’t the first time that Uber has faced a large breach with the company being ordered to pay a $148 million settlement after allegedly covering up a widespread data breach in 2016. At the current time it is unclear exactly what the hacker was able to extract from Uber but the press release about the breach says the company has “not seen that the attacker accessed the production (i.e. public-facing) systems” or credit card details.

A number of leading digital forensics firms are now working with Uber on the investigation into the hack. The company are also going to use this experience to expand its policies, practices and technologies to better protect themselves from threats of this nature in the future.