Uber fell victim to an internal hack last week and now the rideshare company is releasing information about who was behind it.
In surprise news, the culprit was: allegedly an 18-year-old hacker who was able to break into Uber’s internal systems (including G-suite and Slack), causing the company to suffer a data breach.
The anonymous hacker came forward to de New York Times and told the outlet that he was posing as an IT employee for Uber and texted an Uber employee requesting his password that would allow him to access the internal systems.
“An Uber EXT contractor had his account hacked by an attacker,” Uber said in a statement blog post yesterday. “The attacker then repeatedly tried to log into the contractor’s Uber account. Each time, the contractor received a two-factor approval request, initially blocking access. However, the contractor eventually accepted one and the attacker logged in.”
Uber explained that they believe the hacker (or hackers) are part of the Lapsus$ group — based on the techniques they used to get into Uber’s systems — and are also responsible for hacks at Microsoft earlier this year, Samsung and Cisco.
They are also believed to be behind the recent leak at Rockstar Games, where footage from the latest version of the video game Duty was compromised this week.
The company realized it had been compromised after the teen posted a message on the company-wide slack channel.
Really stylish way to hack someone @Uber pic.twitter.com/fFUA5xb3wv
— Colton (@ColtonSeal) September 16, 2022
When using Slack, employees were reportedly redirected to a pornographic image with subtext using expletives, per sources on Twitter.
“We are partnering with several leading digital forensics companies as part of the investigation. We will also take this opportunity to continue to strengthen our policies, practices and technology to further protect Uber from future attacks,” Uber said.
The company claimed none of its customer-facing services like Uber and Uber Eats had compromised data, though the services were affected shortly after internal tools had to be removed due to the hack.
Uber has struggled in recent years after a dramatic departure of former CEO Travis Kalanick in 2017 exposed allegations of sexual harassment and discrimination at the company.
The company also faced a separate leak earlier this summer when documents surfaced to the public demonstrating questionable internal practices and corporate culture.
Uber was down just shy of 21% year over year from Tuesday afternoon.