Uber linked the cybersecurity breach it reported last week to hackers associated with the Lapsus$ Gang, which is accused of many high-profile corporate data leaks. Uber also said that the attackers were able to access and download company Slack messages, as well as invoice-related data from an internal tool.
Uber (UBER) stated in a blog post that the attackers first gained access to the company's systems when they convinced a contractor to approve a multi-factor authentication challenge. Uber stated that the contractor's network password was likely obtained on a dark web marketplace.
The blog post stated that the attacker accessed other employee accounts, which eventually gave him elevated permissions to a variety of tools, including G-Suite, Slack, and more. “The attacker posted a message on a company-wide Slack channel which many of you saw and reconfigured Uber’s OpenDNS so that employees could see a graphic image on certain internal sites.”
According to Uber, the attacker was not able to access user-facing systems, user account databases, or databases containing personal data, nor did he have access to the code that powers Uber’s products. It added that the investigation continues in coordination with law enforcement agencies and multiple cybersecurity firms.
This blog post is the first time Uber has publicly attributed this incident to the Lapsus$ Gang, which attacked Microsoft earlier in the year. The group is also accused of attacking Okta, Nvidia, and other companies.
Uber stated that it was strengthening its multi-factor authentication policies in response to the breach and has reset employee access to internal tools.