Uber fell victim to an internal hack last week and now the rideshare company is releasing information on who was behind it.
In surprise news, the culprit was allegedly an 18-year-old hacker who was able to get into Uber’s internal systems (including G-suite and Slack) thus putting the company through a data breach.
The anonymous hacker came forward to the New York Times and told the outlet that he pretended to be an IT worker for Uber and sent an Uber employee a text message asking for his password which gave him access to the internal systems.
“An Uber EXT contractor had their account compromised by an attacker,” Uber said in a blog post yesterday. “The attacker then repeatedly tried to log in to the contractor’s Uber account. Each time, the contractor received a two-factor login approval request, which initially blocked access. Eventually, however, the contractor accepted one, and the attacker successfully logged in.”
Uber explained that they believe the hacker (or hackers) are part of the group Lapsus$ — based on the techniques they used to get into Uber’s systems — and are also responsible for hacks earlier this year at Microsoft, Samsung, and Cisco.
They are also believed to be behind the recent leak at Rockstar Games where footage from the newest iteration of the video game Call of Duty was compromised this week.
The company realized it had been compromised after the teenager posted a message to the company-wide slack channel.
Honestly kind of a classy way to hack someone @Uber pic.twitter.com/fFUA5xb3wv
— Colton (@ColtonSeal) September 16, 2022
When using Slack, employees were reportedly redirected to a pornographic image with subtext using expletives, per sources on Twitter.
“We’re working with several leading digital forensics firms as part of the investigation. We will also take this opportunity to continue to strengthen our policies, practices, and technology to further protect Uber against future attacks,” Uber said.
The company maintained that none of its customer-facing services like Uber and Uber Eats had any compromised data, though the services were briefly impacted after internal tools had to be taken down on account of the hack.
Uber has had a rough go of it the past couple of years, after a dramatic exit by former CEO Travis Kalanick in 2017 brought to light allegations of sexual harassment and discrimination at the company.
The company also faced a separate leak earlier this summer when documents surfaced to the public showcasing questionable internal practices and company culture.
Uber was down just shy of 21% year over year as of Tuesday afternoon.