The latest data breach comes from Uber. This incident caused a lot of stir on the net. However, it turns out not only this company but also other tech giants suffered from the hack. Recently, Uber commented on the matter, blaming the Lapsus$ hacking group. At the same time, Uber proves that no customer or user data was spotted.
Everything commenced when last Thursday, Uber had to take several of its internal systems offline, including Slack, Amazon Web Services, and Google Cloud Platform.
By the way, last week, another huge breach shook the tech world. We are talking about the GTA 6 materials’ massive leak. Rockstar Games has also confirmed that the leaked content is genuine. What’s worse, there are assumptions that the same hacking group is behind both data breaches.
Anyway, this is too serious, and, logically, Uber is in close contact with the FBI and US Justice Department.
What the hacker did was download some internal Slack messages, plus some info from an internal tool that the company’s finance department uses. “We are currently analyzing those downloads,” the company said in a statement.
Gizchina News of the week
Uber Accuses Lapsus$ Of Data Breach
As for the alleged hacking group, Lapsus$ is famous for waging a ransomware attack against the Brazilian Ministry of Health in December 2021. At that time, they could steal the COVID-19 vaccination data of millions of Brazilians. The group has also managed to break the systems of many high-profile companies, such as Nvidia, Samsung, Microsoft, and Vodafone. Previously, London police arrested a few team members of the hacking group. They all were teenagers.
See how simple it works. Uber already confirmed that the hackers just bought an Uber contractor’s corporate password on the dark web. This happened after the Uber employee’s personal device had been infected with malware. In effect, the other hackers could teal his credentials.
“The attacker then repeatedly tried to log in to the contractor’s Uber account,” the company said. “Each time, the contractor received a two-factor login approval request, which initially blocked access. Eventually, however, the contractor accepted one, and the attacker successfully logged in.”