Uber security breach was the work of Lapsus$

Uber is now blaming the security breach on Lapsus$ for credentials on the dark web.

On Monday, Uber opened up about it in a blog post and also told that it is now coordinating with the FBI and US Justice Department.

LAPSUS$ is an international hacking organization that was first noticed in 2021 for a breach of the Brazilian Health Ministry's systems. 


Lapsus$ has previously attacked many large companies including Microsoft, Samsung, and Okta.  

According to Uber, the group hasn't reached any user accounts, databases, or credit card numbers.

It didn't appear that Lapsus$ attacked any data of users but they downloaded important files of the finance team and internal messages.

At HackerOne, they found access to Uber's dashboard where Lapsus$ took accounts and tools of employees.

After repeatedly trying to log in to a contractor's Uber account they finally cracked a two-factor login approval request.

As the contactor's device is infected by malware they obtained passwords by purchasing it on the dark web.