The ride-hailing company said a hacker linked to the Lapsus$ group was responsible for last week's attack.
On Monday, Uber announced that the hacker behind the cyberattack that occurred last week is affiliated with the notorious Lapsus$ hacking group. Security officials with the ride-hailing company described the cyberattack as a major data breach that impacted Uber's internal communications system, which had to be temporarily shut down.
Reuters reported that the alleged Lapsus$ Group hacker was unable to access user accounts and databases that contained sensitive user information. However, it did target "several internal systems," Uber confirmed, adding that an investigation was currently underway and that they were in the process of identifying if there had been any "material impact" from the cyberattack. Uber confirmed that it was already working with the FBI and the US Justice Department over the cybersecurity breach.
How Lapsus$ Group Hackers Compromised Uber's Internal Systems
Uber claimed that the cybersecurity breach was carried out by a lone hacker linked to the Lapsus$ Group last week, USA Today reported. The hacker allegedly posed as an Uber employee and tricked a legitimate worker into providing their credentials, thereby obtaining system administrator levels of access.
The hacker then took screenshots that they shared with security researchers, proving that they gained access to Uber's cloud-based systems, the USA Today report added. The hacker identified himself as an 18-year-old but failed to disclose how long he had been inside Uber's systems and whether they destroyed or corrupted any data.
One researcher who chatted with the alleged Lapsus$ Group hacker online described it as a "really bad" and "awful" access to Uber's network. A bunch of screenshots also appeared on social media showing the extent of the cybersecurity breach, the report concluded.
Uber Reveals Technical Details of Cybersecurity Breach
The hacker linked to the Lapsus$ Group, which is notorious for launching attacks against other tech giants including Microsoft, Cisco, NVIDIA, and Samsung, used a social engineering tactic to gain access to Uber's internal systems, Bleeping Computer reported. This tactic involved inputting two-factor authentication (2FA) login requests until the valid one was accepted.
Once gaining access, the hacker also managed to post a message to Uber's Slack channel and even reconfigured the company's OpenDNS to display a "graphic image" to users on some internal sites, Uber said. In the statement, Uber said that they have already worked on identifying any employee accounts that may have been compromised by the Lapsus$ Group hacker and disabled internal tools that may have been affected by the cybersecurity breach.
Uber also asked employees to re-authenticate as an extra layer of security. The ride-hailing company confirmed that they neither found any evidence that may indicate that a malicious code had been embedded in its codebase, nor any indication that the hacker accessed or used its customer data.
What the hacker from Lapsus$ Group did access, however, was Uber's invoices within an internal tool and HackerOne vulnerability reports, a separate Bleeping Computer report revealed. Uber confirmed that it is now working on "several leading digital forensics firms" in its ongoing investigation to hold the hacker from Lapsus$ Group accountable for his actions.
Related Article: Uber Assures That No Sensitive Data Has Been Stolen During Hack
