Uber Technologies Inc. stated Monday a hacker affiliated with the Lapsus$ hacking group was liable for a cyber assault that final week compelled the ride-hailing firm to quickly shut a number of inside communications.
Uber stated the attacker had not accessed any person accounts or the databases that retailer delicate person info akin to bank card numbers, checking account or journey particulars.
“The attacker accessed several internal systems, and our investigation has focused on determining whether there was any material impact,” Uber stated, including that investigation was nonetheless ongoing.
The firm stated it was in shut coordination with the FBI and the U.S. Department of Justice on the matter.
Friday’s cybersecurity incident had introduced down Uber’s inside communication system for some time and workers had been restricted to make use of Salesforce-owned workplace messaging app Slack.
Uber stated the attacker logged in to a contractor’s Uber account after they accepted a two-factor login approval request following a number of requests, giving the hacker entry to a number of worker accounts and instruments akin to G-Suite and Slack.
The hacking group Lapsus$ has focused corporations together with Nvidia, Microsoft and Okta, an authentication companies firm relied on by hundreds of main companies.
Lapsus$ couldn’t be instantly reached for remark.
The hacker, who goes by the identify “teapotuberhacker,” additionally reportedly claimed to leak early gameplay footage of Take-Two Interactive Software Inc’s much-awaited sport “Grand Theft Auto VI” on Monday.
The hacker had posted a message on the discussion board about looking for to “negotiate a deal” with the videogaming firm.