Uber experienced a severe breach of its system earlier this month. Allowing the bad actor to cause havoc in a variety of ways. It includes flooding employee Slack chats with pornographic pictures, defacing internal websites, and stealing important media.
In a revised statement, the ride-sharing business now blames the notorious Lapsus$ hacker organization. Because of how outrageous the attack and the announcement were, several employees mistook it for a joke from a coworker and sent the humorous hacker emojis in response.
The hacker admitted to being 18 years old to The New York Times. The cybercriminal admitted to hacking Uber’s computers for amusement, which only aggravated the company’s wounds.
Lapsus$, or just teens raising hell?
According to Uber, the FBI and the US Department of Justice are currently in contact with the company to manage the problem.
It’s interesting to note that the FBI has just released a press release requesting assistance from the public in finding the notorious group’s members. The petition followed high-profile security lapses that affected American tech giants, including T-Mobile, Microsoft, and Nvidia. According to specialists mentioned in an article by The Washington Post, the group is thought to contain a healthy group of youngsters.
The BBC said a 16-year-old and a 17-year-old were charged following a global investigation into cybercrime occurrences. Before that, the London Police had detained seven troublemakers between the ages of 16 and 21 for comparable cybercrimes related to Lapsus$.
According to a story from Bloomberg, the 16-year-old allegedly oversaw the Lapsus$ group’s operations.
They could amass a fortune worth roughly $14 million despite residing in their mother’s flat. Along with other well-known companies, the gang has previously targeted Samsung, EA, Ubisoft, Vodafone, and Okta.
After stealing the COVID-19 immunization records of millions of residents from the systems of Brazil’s Ministry of Health, the gang attracted significant international notice. Along with stealing private information, the group has also defaced websites and engaged in online vandalism.
According to experts who spoke with Forbes, the gang recently planned a DNS attack that led users of the target websites to pornographic websites.
What exactly happened at Uber?
The Uber hacker made an epic announcement about their success. A malicious user posted a message on Uber’s Slack channel claiming to be a hacker and that Uber had experienced a data breach. The hostile party then downloaded information from an internal programme. However, it was used to handle invoicing along with Slack messages.
It is now clear that Uber has not compromised any critical information. It includes account details, travel history, bank account numbers, or credit card details. In addition, any flaws or vulnerabilities discovered through Uber’s HackerOne dashboard are fixed. Employee accounts that were allegedly compromised by social engineering. It was either disabled or had their passwords reset.
Uber also started a passkey rotation strategy for its internal systems and locked the platform’s codebase. It will prevent any more damage from being done. It also froze any new submissions. Several digital forensics agencies collaborated with Uber to investigate the security breach.