On Sept. 19, the Uber hack was blamed on hacking group Lapsus$, which the company announced days earlier. Lapsus$ is an international hacking group known for attacking companies in the tech industry, including Microsoft, Cisco, Samsung, and Nvidia, in 2022 alone.
“The attacker accessed several internal systems, and our investigation has focused on determining whether there was any material impact,” Uber said in a statement.
At the end of its last financial year, Uber had 118 million active regular users.
According to Silverfort’s CTO and co-founder, Yaron Kassner, Lapsus$ has previously extorted the victims of its attacks and threatened to leak data if its demands weren’t met.
“Publishing such information also serves to bolster their credentials and show future victims their intentions are serious,” Kassner told the Washington Examiner.
While Uber has said that it has not seen a breach of customer data, it may be too early to tell, Kassner said. Whether or not customer information is involved is “something that will only be fully ascertained once an incident investigation is complete, which takes time,” Kassner. “Given the high level of privileges obtained, it remains a possibility.”
To read the full story with Silverfort’s commentary on the Uber hack, click here.
For the key lessons we’ve learned from the Uber hack, check out our blog here.