Uber Says ‘Cyber Incident’ Executed By Lapsus$-linked Hacker

Uber said the cyber incident last week was carried out by hacker (or hackers) linked to the Lapsus$ hacking group. The breach had forced the ride-hailing giant to temporarily shut down its internal messaging platform and software systems.

The company said that the hacker had not accessed any user accounts and databases that hold critical user information including bank account details, trip history and credit card details.

The investigation into the breach did find that the attacker downloaded some internal Slack messages, as well as accessed or downloaded information from an internal tool of Uber’s finance team. “We are currently analysing those downloads”, Uber said.

Upon reviewing its codebase, Uber found that the hacker (or hackers) hadn’t made any changes. They also found the attacker to not have accessed any customer or user data stored by its cloud providers (e.g., AWS S3).

Uber is coordinating with FBI and US Department of Justice on this matter.

The company said it believes the hack was carried out by attacker (or attackers) affiliated with a hacking group called Lapsus$, which has been increasingly active over the last year or so.

In 2022 alone, the Lapsus$ group has targeted some of the largest global organisations including Microsoft, Nvidia, Cisco, Okta and Samsung Electronics.