Last week Uber fell victim to a cyber attack after an employee’s Slack app, a workplace messaging app, was compromised. The company has now revealed a hacking group called Lapsus$ was behind the cyberattack. In a blog post, Uber notes that the group typically uses similar techniques to target technology companies, and in 2022 alone, it breached Microsoft, Cisco, Samsung, Nvidia and Okta, among others. Another report claims that the same hacker group breached GTA-creator Rockstar Games’ systems.
Uber stated in a post that no personal data was compromised and services — including Uber, Uber Eats, Uber Freight services and internal tools — are back to normal and running smoothly.
— Uber Comms (@Uber_Comms) September 16, 2022
“First and foremost, we’ve not seen that the attacker accessed the production (ie public-facing) systems that power our apps; any user accounts; or the databases we use to store sensitive user information, like credit card numbers, user bank account info or trip history,” Uber said. “We also encrypt credit card information and personal health data, offering a further layer of protection.”
Uber says it immediately worked to respond to the security breach to protect internal systems and user data, including identifying employee accounts that were compromised and either blocking their access to Uber systems or requiring a password reset; disabling several internal tools; resetting access to many internal services; locking down the codebase; requiring employees to re-authenticate when access was restored, and adding internal environment monitoring “to keep an even closer eye on any further suspicious activity.”
The attack last Thursday led Uber to temporarily take down several internal communications and engineering systems and asked employees not to use Slack. By Friday morning, Uber, Uber Eats, Uber Freight and Uber Drive were all up and running, and Uber was bringing back online its internal software tools.
Receive the latest tech updates and tips and tricks! Subscribe below to our weekly Tech Tips!