IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

‘Cyber Gang’ Lapsus$ Believed to Be Behind Uber Hack

The company believes the hack, which took place Thursday, stemmed from a compromised company contractor's account, company officials explained in a public statement Monday morning.

Uber,App,Displayed,On,Smartphone,Held,In,Hand,In,Front
Shutterstock
(TNS) — The San Francisco ride-hailing tech giant Uber said it fell victim to a hacker — or group of hackers — that they believe is linked to a notorious "cyber gang" responsible for a slew of high-level hacks in recent months.

Uber believes the hack, which took place Thursday, stemmed from a compromised company contractor's account, the company explained in a public statement Monday morning. The contractor's "personal device had been infected with malware" — and despite two-factor authentication initially blocking the hacker, the contractor accepted an approval request and the hacker got in.

"The attacker then posted a message to a company-wide Slack channel, which many of you saw, and reconfigured Uber's OpenDNS to display a graphic image to employees on some internal sites," the company said.

The "graphic image" in question was reportedly a penis. An anonymous Uber employee on the tech forum Blind alleged that the hacker spammed the company's internal Slack with racist slurs and claims that " Uber underpays its drivers."

It does not appear that the hacker edited the company's "codebase" — Uber's source code — or accessed any databases that "store sensitive user information," the company said. That said, the hacker may have downloaded some internal information, primarily information from an internal finance service and Slack messages.

The "cyber gang" possibly tied to this Uber hack is Lapsus$, the notorious group believed to be responsible for hacks against Samsung, chipmaker Nvidia, cybersecurity firm Okta and, most recently, the gaming company Rockstar Games. The latter hack resulted in a leak of footage from the highly anticipated latest entry into the "Grand Theft Auto" series, "Grand Theft Auto IV." Alleged Lapsus$ members, including a 16-year-old from the United Kingdom accused of being a leader of the group, were arrested in March.

©2022 SFGate, Distributed by Tribune Content Agency, LLC.