US tech company Uber believes the attacker (or attackers) is or are affiliated with a hacking group called Lapsus $ , which has become increasingly active over the past year. While the internal investigation is still ongoing, Uber has identified some details of the current findings.
The attacker gained access to several internal systems and the investigation has focused on determining whether there was a material impact. Uber thinks that because the hacking group usually uses similar techniques to attack technology companies, they should look there. In 2022 alone, Microsoft, Cisco, Samsung, Nvidia and Okta, among others, were hacked.
Our existing security monitoring processes enabled our teams to quickly identify the issue and take action. Our top priorities were to ensure that the attacker could no longer access our systems; to ensure that user data was safe and that Uber services were not compromised; and then to investigate the magnitude and impact of the incident.
Uber has no evidence that the incident involved access to sensitive user data (such as travel history). The attacker was not determined to gain access to the production systems that power the Uber apps such as any user accounts or the databases they use to store sensitive user information, such as credit card numbers, user bank account information, or travel history.
Uber is partnering with several leading digital forensics companies as part of the investigation. They will also take this opportunity to continue to strengthen policies, practices and technology to further protect Uber from future attacks.