Uber, Rockstar Games

Uber launches infosec hiring spree after attributing breach to Lapsus$

Company hints same hackers behind the attack on Rockstar Games over the weekend
Image: Getty via Future

20 September 2022

Uber has embarked on a hiring spree for security personnel in the wake of its data breach last week and has also revealed new details about who was behind the attack.

On Friday last week, several open positions appeared on LinkedIn just one day after the ride-hailing tech giant confirmed the breach to the public.

Roles that are still open for applications include senior security incident commander to lead incident response, security engineer and security engineering manager at the company’s threat detection division, and senior security engineers across applications security, enterprise security, and investigations.




The positions opened for applicants the day after the attack was confirmed.

In an update to customers on Monday, Uber also confirmed several other details about who was behind the attack and how the cyber criminals were able to successfully breach the company.

Uber attributed the attack to the Lapsus$ hacking group which came to prominence in early 2022, claiming successful attacks on major companies such as Microsoft, Okta, Nvidia, Samsung, and T-Mobile.

The group has been described as both “competent and incompetent at the same time” by experts and is believed to be run by young cyber criminals in Portugal, Brazil, and the UK whose ages range between 16 and 21.

Unlike many emerging cyber criminal organisations, Lapsus$ does not operate on a ransomware model and in the case of the Uber hack, the company said the group managed to gain access to a contractor’s account by spamming multi-factor authentication (MFA) prompts.

Uber believed the contractor’s device had been infected with malware, allowing hackers to steal credentials and sell them to Lapsus$ on the Dark Web.

From there, the attackers repeatedly tried to gain access to the contractor’s account using the stolen credentials, and the repeated attempts would have delivered a frustrating number of prompts to the contractor’s phone.

The contractor eventually accepted one of the prompts allowing the attackers full access to their account.

This is a known attack method in the industry and relies on sending so many prompts that the target becomes annoyed with all the notifications and accepts one to make them stop.

Lapsus$ is also known for having deployed such tactics in the past, saying they prefer to carry them out while the target sleeps to maximise effectiveness.

“From there, the attacker accessed several other employee accounts which ultimately gave the attacker elevated permissions to a number of tools, including G Suite and Slack,” said Uber.

“The attacker then posted a message to a company-wide Slack channel, which many of you saw, and reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites.”

Uber said the attackers were able to access and download Slack messages – the content of which was not specified – and download data from its finance team’s invoice management tool.

Lapsus$ also accessed Uber’s HackerOne dashboard. HackerOne is a security bug and vulnerability reporting platform, though the only reports available to the hackers were regarding vulnerabilities that had already been remediated, Uber said.

The company confirmed nothing else was affected, including its code base or any of its public-facing apps or technologies.

Uber also confirmed that Lapsus$ was unable to access any customer data stored by its cloud providers, including AWS’ S3.

“We’re working with several leading digital forensics firms as part of the investigation,” said Uber, which also said the investigation is still ongoing.

“We will also take this opportunity to continue to strengthen our policies, practices, and technology to further protect Uber against future attacks.”

The Rockstar link

Uber also revealed that it believed Lapsus$ was the hacking group behind the recent breach of Rockstar Games – the developers of popular video game franchises such as Grand Theft Auto and Red Dead Redemption.

The studio announced over the weekend that it had fallen victim to a significant data breach which involved the leaking of footage from the company’s pre-alpha version of the upcoming Grand Theft Auto VI game.

“We recently suffered a network intrusion in which an unauthorised third party illegally accessed and downloaded confidential information from our systems, including early development footage for the next Grand Theft Auto [game],” said Rockstar Games.

Uber said it is working with the FBI and US Justice Department to investigate the incident further. It’s unclear if the authorities are also investigating the incident at Rockstar Games, too.

Future Publishing

Read More:

Back to Top ↑