Lapsus$ hacking group blamed for Uber cyber attack

Uber has blamed the Lapsus$ hacking group for a cyber attack last week which hit some of the company’s internal systems.

Reporter
Wed, 21 Sep 2022

Uber has pinned the blame on the Lapsus$ hacking group, asserting it was behind an attack last week which had forced the company to temporarily shut down some internal systems.

The perpetrators gained access after obtaining an external contractor’s account credentials, according to the ride-share platform.

Cyber security researchers have described Lapsus$ as a "loosely held collective with roots in the UK and Brazil". Its members have previously been blamed for embarrassing hacks on the likes of Microsoft, Samsung, Nvidia and Okta.


This past weekend, the hacking gang was linked to another high-profile attack on video games developer Rockstar Games, following the appearance of leaked footage from the unseen next instalment of the Grand Theft Auto series in a fan forum.

Cyber security researchers also noted strong similarities between the attacks but explained that it was too soon to confirm a connection.

According to the Financial Times, Uber first announced it had been breached on Thursday evening last week. This Monday, the company confirmed that the intruder had gained "elevated permissions", granting access to a number of internal systems and enterprise software used by employees.

Among those systems were Uber’s Slack channels, where the attacker sent a message alerting staff to the hack, saying, "I announce I am a hacker and Uber has suffered a data breach", with some employees redirected to a web page containing a lewd image.

Uber has asserted that its "public facing" systems were not affected and the databases it uses to store "sensitive" user data, such as bank details and trip history, were not violated. The attacker had not altered the software code underlying the Uber app and services.

Uber suspects that a hacker "likely" affiliated with Lapsus$ purchased the contractor's password on the dark web.

"The attacker then repeatedly tried to log in to the contractor’s Uber account.

"Each time, the contractor received a two-factor login approval request, which initially blocked access.

"Eventually, however, the contractor accepted one, and the attacker successfully logged in," Uber said.

Claire Tills at Tenable explained that Lapsus$ rose to prominence at the end of last year, and noted that London police had arrested seven people connected with the gang, aged between 16 and 21, back in March.

The group has described itself as not being "politically motivated or state-sponsored", according to Tills, and is instead driven by a quest for notoriety. A Tenable research report released this year said the group was "brazen, unsophisticated and illogical".

On Monday, Rockstar Games confirmed it had been a victim of a "network intrusion" and that the footage of Grand Theft Auto 6 was genuine. A user on a web forum for Grand Theft Auto, who claimed to be the person who hacked Uber, had previously posted 90 leaked videos and images from the upcoming GTA instalment.

A follow-up message suggested that the hackers would "negotiate" with the company to prevent the release of more footage.

"Our work on the next Grand Theft Auto game will continue as planned and we remain as committed as ever to delivering an experience to you, our players, that truly exceeds your expectations," Rockstar wrote on Twitter.
