Uber Cites Lapsus$ Gang as the Cause of the Breach


Uber is attributing last week's intrusion, which affected its internal network, technology systems, Amazon Web Services, Google Cloud, and VMware systems, to the extortion group Lapsus$.

The renowned cybercriminal organization, which has offices in Brazil and the UK, has been linked to attacks this year on a number of IT firms, including Microsoft, Cisco Systems, Okta, and Samsung.

Uber stated that although the investigation is still in progress, user data is considered secure so far.

“First and foremost, we haven’t seen any evidence that the attacker gained access to our applications’ production (i.e., public-facing) systems, any user accounts, or the databases we use to store sensitive user data, such as credit card numbers, bank account information, or travel itinerary details. In order to provide an additional degree of security, we additionally encrypt personal health data and credit card information,” according to a blog post by Uber.

Uber employees received a Slack message that stated, “I announce I am a hacker and Uber has suffered a data breach,” which revealed the intrusion.

As a result, Uber shut down parts of its internal software and chat platforms and contacted the police.

“We think the perpetrator (or perpetrators) are part of the Lapsus$ hacking organization, which has become more active over the past year or two.”

According to Uber’s security update, this gang frequently targets technology companies using similar methods, and in 2022 alone, breaches were reported at Microsoft, Cisco, Samsung, Nvidia, and Okta, among others.