Australia markets closed
  • ALL ORDS

    6,678.70
    -81.90 (-1.21%)
     
  • ASX 200

    6,474.20
    -80.80 (-1.23%)
     
  • AUD/USD

    0.6406
    -0.0098 (-1.51%)
     
  • OIL

    79.74
    -1.49 (-1.83%)
     
  • GOLD

    1,668.30
    -0.30 (-0.02%)
     
  • BTC-AUD

    30,304.45
    -323.66 (-1.06%)
     
  • CMC Crypto 200

    443.49
    +0.06 (+0.01%)
     
  • AUD/EUR

    0.6532
    -0.0084 (-1.27%)
     
  • AUD/NZD

    1.1439
    +0.0099 (+0.88%)
     
  • NZX 50

    11,065.71
    -134.33 (-1.20%)
     
  • NASDAQ

    10,971.22
    -193.56 (-1.73%)
     
  • FTSE

    6,893.81
    +12.22 (+0.18%)
     
  • Dow Jones

    28,725.51
    -500.10 (-1.71%)
     
  • DAX

    12,114.36
    +138.81 (+1.16%)
     
  • Hang Seng

    17,222.83
    +56.96 (+0.33%)
     
  • NIKKEI 225

    25,937.21
    -484.84 (-1.83%)
     

Uber claims hack came from Lapsus$, the group behind Microsoft and T-Mobile attacks

·Reporter
·1-min read
Austin Distel on Unsplash

Uber believes it has identified the team behind last week's hack, and the name will sound all too familiar. In an update on the breach, Uber said the perpetrator was affiliated with Lapsus$, the hacking group that has targeted tech firms like Microsoft, Samsung and T-Mobile. The same intruder might also have been responsible for the Rockstar hack that leaked Grand Theft Auto VI, Uber said.

It's also clearer just how the culprit may have accessed Uber's internal systems. The attacker likely bought the contractor's login details on the dark web after they'd been exposed through a malware-infected computer. Two-factor authentication initially prevented the hacker from getting in, but the contractor accepted an authentication request — that was enough to help the invader compromise employee accounts and, in turn, abuse company apps like Google Workspace and Slack.

As before, Uber stressed that the hacker didn't access public-facing systems or user accounts. The codebase also remains untouched. While those responsible did compromise Uber's bug bounty program, any vulnerability reports involved have been "remediated." Uber contained the hack by limiting compromised accounts, temporarily disabling tools and resetting access to services. There's also extra monitoring for unusual activity.

The incident update suggests the damage to Uber is relatively limited. However, it also indicates that Lapsus$ is still hacking high-profile targets despite arrests. It also underscores major tech companies' continued vulnerability to hacks. In this case, one wrong move by a contractor was all it took to disrupt Uber's operations.