According to a Monday Twitter update posted by Uber, the Lapsus$ ransomware-spreading gang is suspected to be behind the cyber attack on its repositories, email and cloud systems, and internal Slack communication servers.
Ride-sharing app Uber shared those details after quashing the rumors, speculated in the New York Times, that the attack was conducted by a lone hacker who wanted a humongous ransom to unlock the systems from encryption.
Preliminary analysis conducted by the IT team says that the sophisticated attack could have started with a phishing attack launched on the HackerOne account of one of the company's senior IT employees, and that the data breach could have taken place after the credential theft.
Currently, a single hacker, believed to be an individual, is responding to queries and providing screenshots of the compromised details, which include data siphoned from AWS and Google Cloud Platform accounts.
Uber released a press statement saying that no personal information from Uber, Uber Drive, Uber Freight, and Uber Eats services was leaked in the attack and that all the services were running normally.
NOTE 1 - HackerOne is a technology-related platform that connects businesses with pen testers and security researchers.
NOTE 2 - After several arrests of gang members in March 2022, Lapsus$ became somewhat dormant for some time, only to re-emerge as a hacking gang with a series of cyber attacks launched in Sept’22. These include attacks on Uber and Rockstar Games, and a re-attack on the Brazilian Health Ministry on September 15th of this year that was technically thwarted successfully by the employees.