Photo of Joshua Bote

A worker cleans a sign in front of Uber headquarters on May 18, 2020, in San Francisco.

A worker cleans a sign in front of Uber headquarters on May 18, 2020, in San Francisco.

Justin Sullivan / Getty Images 2020

The San Francisco ride-hailing tech giant Uber said it fell victim to a hacker — or group of hackers — that they believe is linked to a notorious “cybergang” responsible for a slew of high-level hacks in recent months.

Uber believes the hack, which took place Thursday, stemmed from a compromised company contractor’s account, the company explained in a public statement Monday morning. The contractor’s “personal device had been infected with malware” — and despite two-factor authentication initially blocking the hacker, the contractor accepted an approval request and the hacker got in.

“The attacker then posted a message to a company-wide Slack channel, which many of you saw, and reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites,” the company said. 

The “graphic image” in question was reportedly a penis. An anonymous Uber employee on the tech forum Blind alleged that the hacker spammed the company’s internal Slack with racist slurs and claims that “Uber underpays its drivers.”

It does not appear that the hacker edited the company’s “codebase” — Uber’s source code — or accessed any databases that “store sensitive user information,” the company said. That said, the hacker may have downloaded some internal information, primarily information from an internal finance service and Slack messages.

The “cybergang” possibly tied to this Uber hack is Lapsus$, the notorious group believed to be responsible for hacks against Samsung, chipmaker Nvidia, cybersecurity firm Okta and, most recently, the gaming company Rockstar Games. The latter hack resulted in a leak of footage from the highly anticipated latest entry into the “Grand Theft Auto” series, “Grand Theft Auto IV.” Alleged Lapsus$ members, including a 16-year-old from the United Kingdom accused of being a leader of the group, were arrested in March.

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *