Uber has shared extra particulars on its current information breach, sharing particulars on the way it occurred, what the impression was, and who it thinks was (most certainly) accountable.

In a safety replace (opens in new tab), Uber stated a risk actor bought an Uber EXT contractor’s login credentials from the darkish internet, and managed to log into the account after the contractor accepted a two-factor login request from the secondary endpoint. 

From there, the attacker accessed “a number of different worker accounts” (Uber doesn’t go into particulars on how this occurred), which gave them elevated permissions to a few instruments, together with Google Workspace and Slack. 

Slack and invoices

Though the group is but to take duty for the assault, Uber has laid the blame on Lapsus$, a recognized extortion group that’s beforehand breached the likes of Microsoft, Cisco, Samsung, Nvidia, and Okta.

Uber claims that the impression of the assault was restricted, as whereas the attacker accessed a number of inner programs, they weren’t capable of entry manufacturing programs that energy Uber’s apps. Person accounts had been protected, in addition to the database holding delicate consumer data (bank card numbers, checking account information, journey historical past). Even when the attacker managed to entry bank card information or private well being information, this information is encrypted, the corporate says.

Moreover, the attackers made no modifications to Uber’s codebase. Buyer and consumer information saved by cloud suppliers was not tampered with, both. Nonetheless, inner Slack messages, in addition to information from a device used to handle invoices, have been taken. 

When information of the information breach first broke, safety researchers and the media had been centered on the truth that the attackers accessed Uber’s dashboard at HackerOne, as that might give them insights into varied vulnerabilities the corporate has, probably together with these which can be but to be mounted. 

When information of the information breach first broke, safety researchers and the media had been centered on the truth that the attackers accessed Uber’s dashboard at HackerOne, as that might give them insights into varied vulnerabilities the corporate has, probably together with these which can be but to be mounted. 

That will open the doorways for a variety of totally different cyberattacks. Nonetheless, Uber now says any bug experiences the attackers accessed have been mounted. 

• Take a look at the perfect firewalls (opens in new tab) proper now