Uber’s computer network was breached by a cyberattacker last Thursday, who Uber now says hacked into the account of an EXT contractor after likely buying the worker’s credentials from the dark web. In a blog post Monday, Uber said it’s likely the contractor’s personal device had been infected with malware, leading to those credentials becoming exposed.
Although Uber has online security precautions in place for employee logins, the contractor unknowingly accepted a verification notification that ultimately granted the attacker access, the ride-share company said. From there, the attacker accessed a number of employee accounts and tools such as G-Suite and Slack.
Uber laid the blame on hacking group Lapsus$, which has used similar attacks to breach Microsoft, Cisco, Samsung, Nvidia, Okta and others in 2022.
Uber also confirmed a report last week that the hacker sent a message to a company-wide Slack channel and “reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites.”
In its post, Uber says no private information was compromised and services — including Uber, Uber Eats, Uber Freight services and internal tools — are back to normal and running smoothly.
“First and foremost, we’ve not seen that the attacker accessed the production (i.e. public-facing) systems that power our apps; any user accounts; or the databases we use to store sensitive user information, like credit card numbers, user bank account info or trip history,” Uber said. “We also encrypt credit card information and personal health data, offering a further layer of protection.”
Uber says it immediately worked to respond to the security breach to protect internal systems and user data, including identifying employee accounts that were compromised and either blocking their access to Uber systems or requiring a password reset; disabling a number of internal tools; resetting access to many internal services; locking down the codebase; requiring employees to re-authenticate when access was restored; and adding internal environment monitoring “to keep an even closer eye on any further suspicious activity.”
Uber said it’s working closely with the FBI, the US Department of Justice and “several leading digital forensics firms” on the ongoing investigation.
The attack on Thursday led Uber to briefly take down a number of internal communications and engineering systems, and it instructed employees not to use Slack. By Friday morning, Uber, Uber Eats, Uber Freight and Uber Drive were all up and running, and Uber was bringing its internal software tools back online.