Uber said the hacker or hackers are likely affiliated with the Lapsus$ hacking group. The company said there’s no indication that the breach exposed any sensitive user data.

“First and foremost, we’ve not seen that the attacker accessed the production (i.e. public-facing) systems that power our apps; any user accounts; or the databases we use to store sensitive user information, like credit card numbers, user bank account info, or trip history. We also encrypt credit card information and personal health data, offering a further layer of protection,” the company said.

Global ride-hailing giant Uber announced on Friday that it is investigating a cybersecurity incident. A hacker allegedly breached the company’s computer network on Thursday. Uber consequently shut down its internal systems, including communication tools such as Slack.

According to The New York Times, the hacker tricked an Uber employee into handing over a password, granting them access to the company’s systems. The hacker has since shared several screenshots displaying the magnitude of the breach.

“They pretty much have full access to Uber,” Sam Curry, a cybersecurity engineer at Yuga Labs who interacted with the threat actor, told the New York Times. “This is a total compromise, from what it looks like.”
18-Year-Old Hacker Breached Uber
The hacker told the New York Times that he was 18 years old and broke into Uber’s systems due to its weak security. The hacker used social engineering to gain access to Uber’s network. Social engineering refers to manipulation schemes in which malicious actors impersonate a trusted party to lure victims into divulging sensitive information.

The hacker’s screenshots also showed he had access to the company’s financial data and, ironically, its SentinelOne (enterprise cybersecurity) account.

The hacker sent a message over Slack to Uber’s employees, claiming responsibility for the breach. “I announce I am a hacker and Uber has suffered a data breach. Slack has been stolen, confidential data with Confluence, stash and 2 monorepos from phabricator have also been stolen, along with secrets from sneaker,” the message said.

A spokesperson for Uber told the New York Times that the attacker sent the message from an employee’s Slack account after compromising it.
Uber’s Response to the Security Breach
Following the incident, Uber told its employees not to use Slack. Furthermore, two unidentified employees told the New York Times that other internal systems were inaccessible.

The company said it’s in contact with law enforcement regarding the breach. However, it did not reveal any information about the extent of the breach and whether it exposed sensitive user data. “We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available,” Uber tweeted.

The New York Times also came across an internal email from Latha Maripuri, Uber’s chief information security officer, in which she said it was unclear “when full access to tools will be restored…” We’ll update this story as more information becomes available.

There has been a rise in social engineering attacks against major tech companies. This year alone, malicious actors have targeted several high-profile companies, including Microsoft, Okta, Twilio, and MailChimp. The first two attacks were carried out by the Lapsus$ gang, which is reportedly run by teenagers. To learn more about these attacks and how to protect your organization, check out our in-depth guide to social engineering.