Uber Attributes Hack to Lapsus$ Group, Says No Sensitive User Information Accessed

Rockstar admits hack but says no long term impact, Ukraine IT Army hacks Wagner Group website, Pentagon probes military online operations, Wintermute loses $160 million in hack, much more

Photo by Priscilla Du Preez on Unsplash

Uber attributed its serious breach last week to a group of teen hackers known as Lapsus$, the same gang that hacked Okta, Microsoft, Nvidia, Globant, and Rockstar Games earlier this year.

The gang compromised an Uber contractor’s user account to gain nearly unfettered access to the company’s systems, the ride-hailing giant said. The company said the hacker stole some internal information and Slack messages but that no sensitive information such as credit card data and trip histories was taken, leaving open the question if other personal user information was compromised.

According to researchers, the employee’s credentials may have been stolen by password-stealing malware like RedLine installed on an employee’s computer, a technique that Lapsus$ has been known to use. After tricking the employee into accepting a push n…