Uber blames security breach on Lapsus$, says they bought credentials on the dark web
The hacker apparently gained access to several internal Uber systems after stealing a third-party contractor's credentials and then convinced the contractor to approve a two-factor authentication request.
Sept. 19, 2022
The security breach that hit Uber last week was the work of Lapsus$, Uber said in a blog post Monday. The South American hacking group has attacked a number of technology giants in the past year, including Microsoft, Samsung, Okta and others.
Uber said it is in close coordination with the FBI and US Justice Department on the matter.
While the attacker accessed several internal systems, Uber said it does not appear they infiltrated any public-facing systems, any user accounts, or databases that store sensitive user information like credit card numbers. Additionally, Uber said it doesn't appear that the attacker accessed any customer or user data stored by its cloud providers.
The hacker did download some internal messages, as well as information from an internal finance team. They also accessed Uber's dashboard at HackerOne, where security researchers report bugs and vulnerabilities. However, any bug reports the attacker was able to access have been remediated, Uber said.
On Thursday, news of the breach spread after a hacker posted a message to a company-wide Slack channel. The attacker then reconfigured Uber's OpenDNS to display a graphic image to employees on some internal sites.
The attacker told the New York Times that they gained access to Uber's systems through a social engineering scheme: they sent a text message to an Uber employee claiming to be a corporate IT staffer, which persuaded the staff member to reveal a password.
However, Uber clarified Monday that the hacker gained access using credentials from a third-party contractor. Furthermore, the company said it's "likely" that the Lapsus$ hacker obtained the contractor's Uber corporate password by purchasing it on the dark web, after the contractor's personal device had been infected with malware.
After that, Uber said, the hacker repeatedly tried to log into the contractor's Uber account but was stymied by a two-factor login approval request. However, the contractor eventually accepted one of those requests. From there, the attacker obtained elevated permissions to a number of internal tools, including G-Suite and Slack.
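The login pattern described above, a run of two-factor prompts that go unapproved followed by one acceptance, is something defenders can flag in authentication logs. The sketch below is an added example, not code from Uber or the original article; the event fields, result values, sample events and thresholds are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events. Field names and result values are assumptions,
# not the schema of any particular identity provider.
SAMPLE_EVENTS = [
    {"ts": "2024-01-10T21:02:10", "user": "contractor01", "result": "denied"},
    {"ts": "2024-01-10T21:03:45", "user": "contractor01", "result": "timeout"},
    {"ts": "2024-01-10T21:05:02", "user": "contractor01", "result": "denied"},
    {"ts": "2024-01-10T21:06:30", "user": "contractor01", "result": "timeout"},
    {"ts": "2024-01-10T21:09:12", "user": "contractor01", "result": "approved"},
    {"ts": "2024-01-10T09:00:00", "user": "employee02", "result": "approved"},
    {"ts": "2024-01-10T13:30:00", "user": "employee03", "result": "denied"},
    {"ts": "2024-01-10T17:45:00", "user": "employee03", "result": "approved"},
]


def find_push_fatigue(events, window=timedelta(minutes=30), min_unanswered=3):
    """Flag approvals that follow a burst of denied or timed-out prompts.

    An alert is raised when a user approves a prompt after at least
    `min_unanswered` unapproved prompts inside the sliding `window`.
    """
    recent = defaultdict(deque)  # user -> timestamps of unapproved prompts
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        pending = recent[ev["user"]]
        # Drop unapproved prompts that fell out of the sliding window.
        while pending and ts - pending[0] > window:
            pending.popleft()
        if ev["result"] in ("denied", "timeout"):
            pending.append(ts)
        elif ev["result"] == "approved":
            if len(pending) >= min_unanswered:
                alerts.append({
                    "user": ev["user"],
                    "approved_at": ev["ts"],
                    "unapproved_before": len(pending),
                })
            pending.clear()  # a successful login resets the count
    return alerts


if __name__ == "__main__":
    for alert in find_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

A single denied prompt hours before a normal login, as for `employee03` in the sample, does not trigger an alert because it falls outside the window.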