Uber, the famous application for putting users in contact with drivers, has returned to the attack it suffered last week. The latter was reportedly led by members of the Lapsus$ hacker group, whose hunting record is as long as your arm.
The intrusion on the servers of the company would be the fact of the Lapsus$ group. The attack, let’s say, quite advanced, took place in several stages. The hackers first went to the Dark Web to obtain credentials to access Uber’s private network. These identifiers alone are useless: you have to be invited to access a form allowing them to be used. Lapsus$ achieved this through the device of a malware-infected contractor.
Once in the system, it was easy for the hackers to gain access to a key employee’s account and obtain administrator rights to the company’s tools. The pirates would thus have succeeded in stealing the Slack conversations of an employee, by publishing racist and/or insulting messages, claiming that “Uber underpays its drivers”. They would also have downloaded files contained in internal tools.
Lapsus$ used Slack to access Uber’s internal systems
According to Uber, however, the situation is not dramatic: cybercriminals have not accessed user accounts or databases containing their personal information or even Uber’s source code. As a result of this breach, Uber will strengthen internal security measures and reset all employees’ access to company tools.
Among other feats of arms, Lapsus is known in the landernau of cybersecurity for having stolen nearly 70 GB of data related to Apple last March or even having attacked Microsoft, Nvidia or Samsung, among other targets. renowned. Just last week, the group went after what is probably the most anticipated video game of all time: Grand Theft Auto 6. Although its publisher, Rockstar Games, claims the cyberattack n will not impact the game’s development schedule, attacks of this magnitude are doomed to become the daily life of all companies technologies.