Uber Says Lapsus$-Linked Hacker Responsible For Breach

Uber said on Monday a hacker affiliated with the Lapsus$ hacking group was responsible for a cyber attack that forced the ride-hailing company to shut several internal communications temporarily last week. From a report: Uber said the attacker had not accessed any user accounts and the databases that store sensitive user information such as credit card numbers, bank account or trip details. "The attacker accessed several internal systems, and our investigation has focused on determining whether there was any material impact," Uber said, adding that investigation was still ongoing. The company said it was in close coordination with the FBI and the U.S. Department of Justice on the matter. Friday's cybersecurity incident had brought down Uber's internal communication system for a while and employees were restricted to use Salesforce-owned office messaging app Slack. Uber said the attacker logged in to a contractor's Uber account after they accepted a two-factor login approval request following multiple requests, giving the hacker access to several employee accounts and tools such as G-Suite and Slack.

Read more of this story at Slashdot.