September 21, 2022 – Uber has released details on the cybersecurity attack that rattled the ride-hailing giant last week, forcing it to shut several communications and engineering systems.
On September 16, Uber confirmed in a tweet it was investigating a “cybersecurity incident” and had alerted US law enforcement. Uber’s confirmation came in the wake of a report published by The New York Times and a number of screenshots of the hacker circulating on social media. The hacker had sent messages to the company-wide channel on the workplace messaging app, Slack, announcing that several Uber systems had been breached.
Uber’s services, however, were not disrupted during the hack.
In a recent blog post, the company has said it believes that hackers belonging to the group called Lapsus$ are behind the attack. According to reports, Lapsus$ has been involved in a number of high-profile corporate hack attacks.
“This group typically uses similar techniques to target technology companies, and in 2022 alone has breached Microsoft, Cisco, Samsung, Nvidia and Okta, among others,” Uber said. “There are also reports over the weekend that this same actor breached video game maker Rockstar Games. We are in close coordination with the FBI and US Department of Justice on this matter and will continue to support their efforts.”
Uber confirmed that the hacker had accessed several internal systems, but it has yet to be ascertained whether the attack had any “material impact”.
No sensitive user data was compromised in the internal systems breach, says Uber.
In October 2016, Uber suffered a massive breach that reportedly impacted 57 million customers and employees, leading to personal information such as phone numbers and email addresses being compromised.
