Uber blames a contractor for the breach

Uber’s network systems were hacked last week, and the ride-hailing giant said in a security advisory Monday that an EXT contractor’s account had been compromised by attackers. The attacker may have purchased the contractor’s Uber password on the dark web after the contractor’s personal device was infected with malware. After the attacker sent a large number of 2FA requests, the contractor accepted one of the login requests, causing the attacker to finally successfully log in. Uber believes the attackers are linked to the hacking group Lapsus$. The company is still investigating. Uber said it did not see attackers accessing the production systems that support its applications, any user accounts, or databases used to store sensitive user information. The company also said it reviewed its own codebase and found no changes made by the attackers. Uber also did not find attackers accessing any customer or user data stored by its cloud provider. The attackers downloaded some internal Slack information and accessed or downloaded the internal tools used by their finance team to manage some invoices. These downloads are currently being analyzed.

This article is reprinted from: https://www.solidot.org/story?sid=72818
This site is for inclusion only, and the copyright belongs to the original author.