Uber blames hacking group Lapsus$ for data breach

Uber has blamed Lapsus$, a South American hacking group, for being behind last week’s data breach that compromised its internal system.

The ride-share giant said in a statement that it is still investigating the breach and is also coordinating with the FBI, the Department of Justice and several leading digital forensics firms.

“We believe that this attacker (or attackers) are affiliated with a hacking group called Lapsus$, which has been increasingly active over the last year or so,” the company said. 

Lapsus$ has been linked to several data breaches this year targeting tech companies including Microsoft, Samsung, Cisco and Okta.

Last week, an 18-year-old hacker claimed to have broken into Uber’s network. 

The hacker told The New York Times, which first reported the breach, that he gained access to the company’s internal systems by posing as a corporate information technology person and convincing an employee to share a password with him.

The hacker said he was then able to access the internal messaging service Slack through one person’s account and sent employees a message saying, “I announce I am a hacker and Uber has suffered a data breach.”

The data breach forced the company to temporarily shut down a number of its internal services, including messaging and engineering services.

Uber said it took several steps to mitigate the damage, including disabling affected internal tools, identifying whether employee accounts had been compromised and locking down its codebase to prevent any new code changes. 

Although the hacker did gain access to several of its internal systems, Uber said he did not access the public-facing systems that power its apps, user accounts or the databases it uses to store sensitive user information like credit card and bank account information. 

The alleged hacker also claimed that he broke into Uber because of its weak security and used his access to its Slack messaging service to call for higher pay for Uber drivers.