Uber believes it has recognized the crew behind final week’s hack, and the title will sound all too acquainted. In an replace on the breach, Uber mentioned the perpetrator was affiliated with Lapsus$, the hacking group that has focused tech corporations like Microsoft, Samsung and T-Cellular. The identical intruder may additionally have been chargeable for the Rockstar hack that leaked Grand Theft Auto VI, Uber mentioned.

It is also clearer simply how the wrongdoer might have accessed Uber’s inner methods. The attacker doubtless purchased the contractor’s login particulars on the darkish internet after they’d been uncovered via a malware-infected laptop. Two-factor authentication initially prevented the hacker from getting in, however the contractor accepted an authentication request — that was sufficient to assist the invader compromise worker accounts and, in flip, abuse firm apps like Google Workspace and Slack.

As earlier than, Uber pressured that the hacker did not entry public-facing methods or person accounts. The codebase additionally stays untouched. Whereas these accountable did compromise Uber’s bug bounty program, any vulnerability reviews concerned have been “remediated.” Uber contained the hack by limiting compromised accounts, quickly disabling instruments and resetting entry to providers. There’s additionally further monitoring for uncommon exercise.

The incident replace suggests the injury to Uber is comparatively restricted. Nevertheless, it additionally signifies that Lapsus$ remains to be hacking high-profile targets regardless of arrests. It additionally underscores main tech firms’ continued vulnerability to hacks. On this case, one fallacious transfer by a contractor was all it took to disrupt Uber’s operations.