Uber Points to Lapsus$ Gang as Reason for Breach

Uber is blaming the extortion gang Lapsus$ for the breach that infiltrated its internal network last week, including its technology systems, Amazon Web Services, Google cloud and VMware systems.

Based in Brazil and the U.K., the notorious cybercriminal operation has been associated with targeting numerous technology companies this year, including Microsoft, Cisco Systems, Okta and Samsung.

Uber said the investigation is still ongoing but so far, user data has been deemed safe.

“First and foremost, we’ve not seen that the attacker accessed the production (i.e. public-facing) systems that power our apps; any user accounts; or the databases we use to store sensitive user information, like credit card numbers, user bank account info, or trip history. We also encrypt credit card information and personal health data, offering a further layer of protection,” Uber said in a blog post.

The compromise surfaced when Uber employees got a Slack message that read, “I announce I am a hacker and Uber has suffered a data breach,” PYMNTS reported on Thursday (Sept. 14).

In response, Uber shut down some of its internal software and messaging systems and got in touch with law enforcement.

“We believe that this attacker (or attackers) are affiliated with a hacking group called Lapsus$, which has been increasingly active over the last year or so. This group typically uses similar techniques to target technology companies, and in 2022 alone has breached Microsoft, Cisco, Samsung, Nvidia and Okta, among others,” Uber said in the security update.

There were also weekend reports that the same attacker breached video game maker Rockstar Games, according to the post.

“We are in close coordination with the FBI and US Department of Justice on this matter and will continue to support their efforts.”

Uber suspects the attacker purchased an Uber contractor’s password on the dark web after that contractor’s personal device had been infected with malware.