Uber reports details of hacking damage that allowed intrusion into internal system, is hacker involved in leaking video of 'GTA 6'

Uber reported on September 15, 2022 local time that its internal system was hacked by someone. On September 19th, the latest information on hacking damage was reported, revealing the hacker's modus operandi, Uber's response, and data that may have leaked.

Security update | Uber Newsroom


Uber links breach to Lapsus$ group, blames contractor for hack

Uber admits 'several internal systems' breached, blames gang • The Register

In the Sept. 15 hack of Uber, the hacker sent a message on internal Slack saying, 'I am a hacker, and I am announcing that Uber has suffered a data breach,' and published a list of the compromised internal systems. That's what I'm talking about. Hackers also reportedly reconfigured Uber's OpenDNS to display obscene images on some internal sites.

Uber is hacked, a hacker invades the company's Slack and launches an attack declaration & obscene image bombing - GIGAZINE

And on September 19, Uber reported the latest information on this hacking damage on its official website. First, the hack was triggered by an Uber contractor's personal device being infected with malware and Uber's corporate account credentials being sold on the dark web.

Hackers purchased credentials and attempted to log in, but were blocked due to two-factor authentication in place. However, after many login attempts, the contractor finally accepted two-factor authentication, so the hacker was able to log in to Uber's internal system. After that, the hackers also accessed other employee accounts, obtained access permissions to tools such as G-Suite and Slack, and carried out attacks such as posting messages to Slack and displaying obscene images on internal sites. .

In response to a series of hacks, Uber said that the existing security monitoring system quickly identified and responded to the problem. 'Our top priority was to prevent attackers from accessing our systems to ensure the safety of user data and Uber's services were not affected,' he said. Uber said.

The main actions Uber has taken are as follows:

・Identified compromised or potentially compromised employee accounts and blocked access to Uber systems or required password resets.
Disabled internal tools that were or could be affected.
Switched access keys on many internal services, effectively resetting access.
- Locked down the code base to prevent new code changes.
・Enforced multi-factor authentication policies by requiring employees to re-authenticate when restoring access to internal tools.
・Added monitoring of the internal environment and focused on suspicious activity.

After first blocking the attacker's access, Uber began investigating the damage caused by the hack. The investigation is still ongoing at the time of the security report update, but there is no evidence of access to the user app system, and no breach of the user's account, credit card number, bank account information, or travel history has been confirmed. reports Uber. In addition, no changes to the codebase or access to customer or user data stored in cloud providers have been confirmed.

Meanwhile, the hackers downloaded several internal Slack messages, as well as information from an internal tool used by the finance team to manage invoices. In addition, it seems that security researchers were able to access the dashboard of the bounty platform HackerOne , where security researchers report bugs and vulnerabilities, but ``all bug reports that attackers have access to have been fixed.'' said Uber.

In a security report, Uber said, ``Even during the hacking attack, we were able to maintain the operation of Uber, Uber Eats, and Uber Freight services for the general public and operate smoothly. We stopped some internal tools. Customer support operations were minimally impacted as a result, but are now operating normally.' He also said, ``Uber is working closely with the FBI and the US Department of Justice on this matter and will continue to support efforts in the future,'' he said, also strengthening policies and practices to protect Uber from future attacks. I promised I would try.

The hacker who carried out this attack is a member of the international hacker group ' LAPSUS$ ' that hacked large companies such as Microsoft ,NVIDIA , and Samsung , and is a self-proclaimed 18-year-old person called 'teapots2022 (teapotuberhacker)'. pointed out. In addition, teapotuberhacker is also reported to have leaked the test play video and code of 'Grand Theft Auto 6 (GTA 6)' under development.

Data of 'Grand Theft Auto 6' under development leaked by hacking, development company admits that leaked data is genuine - GIGAZINE

in Software,   Web Service,   Security, Posted by log1h_ik