Uber claims hack came from Lapsus$, the group behind Microsoft and T-Mobile attacks | Engadget


Uber believes it has identified the team behind last week’s hack, and the name will sound all too familiar. In an update on the breach, Uber said the perpetrator was affiliated with Lapsus$, the hacking group that has targeted tech firms like Microsoft, Samsung and T-Mobile. The same intruder might also have been responsible for the Rockstar hack that leaked Grand Theft Auto VI, Uber said.

It’s also clearer just how the culprit may have accessed Uber’s internal systems. The attacker likely bought the contractor’s login details on the dark web after they’d been exposed through a malware-infected computer. Two-factor authentication initially prevented the hacker from getting in, but the contractor accepted an authentication request — that was enough to help the invader compromise employee accounts and, in turn, abuse company apps like Google Workspace and Slack.

As before, Uber stressed that the hacker didn’t access public-facing systems or user accounts. The codebase also remains untouched. While those responsible did compromise Uber’s bug bounty program, any vulnerability reports involved have been “remediated.” Uber contained the hack by limiting compromised accounts, temporarily disabling tools and resetting access to services. There’s also extra monitoring for unusual activity.

The incident update suggests the damage to Uber is relatively limited. However, it also indicates that Lapsus$ is still hacking high-profile targets despite arrests. It also underscores major tech companies’ continued vulnerability to hacks. In this case, one wrong move by a contractor was all it took to disrupt Uber’s operations.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.



Source link

Disclaimer
Denial of responsibility! newzcentre.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected] . The content will be deleted within 24 hours.

Leave a Comment

Your email address will not be published.

Post Malone sustains injured ribs. Inside Out 2 to be released by Disney Marvel releases the  “Secret Invasion” trailer Marshall Thundering Herd vs. Notre Dame predictions from SportsLine’s model Bitcoin soars more than 10%