Transport company Uber Inc. (UBER) has said that the cybersecurity incident, which it had revealed last week was the handiwork of the Lapsus$ gang, a group known for several high-profile corporate data breaches. The company said that the hackers had also downloaded or read company Slack messages and invoice-related data from an internal tool.
In a post in its blog on Monday, the company said that the hackers first got their hands to the company’s systems when they got a contractor to grant a multi-factor authentication challenge. The contractor’s network password was most likely obtained on a dark web marketplace, Uber said.
According to the blog post, “From there, the attacker accessed several other employee accounts which ultimately gave the attacker elevated permissions to a number of tools, including G-Suite and Slack. The attacker then posted a message to a company-wide Slack channel, which many of you saw, and reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites.”
Uber said that the hackers did not get hold of user-facing systems, user accounts, databases containing personal information or the code, which operates Uber’s products.
With the blog, this is the first time that Uber is publicly announced that the Lapsus$ gang is behind the incident. The same gang has hacked companies like Microsoft, Nvidia, Okta and other companies.
The company said that investigations into the incidents are ongoing and it has double protected its multi-factor authentication policies and also reset employee access to internal tools.
Source: Read Full Article