Source: Uber
Uber's computer network was breached by a cyberattacker last Thursday. The company says it hacked into the account of an EXT contractor after possibly buying the employee's credentials from the dark web. The company blames hacking group Lapsus$, which used similar attacks to breach Microsoft, Cisco, Samsung, Nvidia, Okta and others in 2022.
Uber believes the contractor's personal device was most likely infected with malware. Uber has online safety precautions for employee logins, but the contractor unknowingly accepted a verification notification that might have granted the attacker access, according to Uber. The hacker was then able to access several employee accounts and tools, like G-Suite and Slack.
The company confirmed the report last week, saying the hacker sent a message to a company-wide Slack channel and "reconfigured Uber's OpenDNS to display a graphic image to employees on some internal sites." In its post, Uber says no personal data was compromised, and services are back to normal and running smoothly. It is working with the FBI, the US Department of Justice, and "several leading digital forensics firms" on its ongoing investigation.