Uber is blaming the extortion organization Lapsus$ for the attack last week that had an impact on its internal network, technical systems, Amazon Web Services, Google clouds, and VMware systems.
Attacks against a number of IT companies, including Microsoft, Cisco Systems, Okta, and Samsung, have been attributed to the notorious cybercriminal group, which has operations in Brazil and the UK.
Although the inquiry is still ongoing, according to Uber, user data has been deemed secure so far.
“First and foremost, we haven’t seen any evidence that the attacker was able to access the production (i.e., public-facing) systems of our applications, any user accounts, or the databases we use to store sensitive user data, like credit card numbers, bank account information, or travel itinerary specifics.
According to a blog post by Uber, we also encrypt credit card information and personal health data to give an extra layer of protection.
Employees at Uber were informed of the infiltration through a Slack message that said, “I declare I am a hacker and Uber has suffered a data breach.”
Due to this, Uber rejected some internal software and chat platforms and alerted law enforcement.
We believe that the offender (or offender(s)) is/are members of the Lapsus$ hacking group, which has been increasingly active in the last year or two.
This gang routinely targets technical companies using identical tactics, according to Uber’s security update, and in 2022 alone, intrusions were recorded at Microsoft, Cisco, Samsung, Nvidia, and Okta, among other companies.
