September 20, 2022, updated 22 May 2023 12:42pm

A Lapsus$-linked hacker could be behind cyberattacks on Uber and Rockstar Games

The same cybercriminal may have struck at the ride-hailing giant and the games studio behind the Grand Theft Auto series.

By Matthew Gooding

Uber believes a hacker linked to the notorious Lapsus$ gang was behind a major breach of its systems last week. The company revealed the offender gained access to its system by stealing a contractor’s credentials, and said the same offender may be behind a breach of systems at Rockstar Games, which saw details of its upcoming title Grand Theft Auto VI leaked online.

Grand Theft Auto maker Rockstar Games has confirmed a breach of its systems. (Photo by rafapress/Shutterstock)

Last week’s Uber hack saw an attacker gain access to a wide range of the company’s systems, before taunting staff on the company’s internal Slack channels. In a security update released yesterday, the ride-hailing giant revealed details of the breach and the steps it has taken to mitigate damage.

How the Uber cyberattack happened

It is thought a contractor working for Uber had their credentials stolen and used by the hacker. “It is likely that the attacker purchased the contractor’s Uber corporate password on the dark web after the contractor’s personal device had been infected with malware, exposing those credentials,” Uber said. “The attacker then repeatedly tried to log in to the contractor’s Uber account. Each time, the contractor received a two-factor login approval request, which initially blocked access. Eventually, however, the contractor accepted one, and the attacker successfully logged in.”

This enabled the criminal to access several other employee accounts which “ultimately gave the attacker elevated permissions to a number of tools”. These included G-Suite and Slack.

Uber says its investigation has not yet turned up any evidence that the attacker was able to access databases containing customer data, and that it does not think the hacker made any changes to its codebase. However, they may have downloaded information from an internal system used by the company’s finance team to process invoices.

Meanwhile, the offender also gained control of the company’s HackerOne security console, where bugs and vulnerabilities are logged. Uber says any problems exposed in the breach have been remediated.
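The login sequence Uber describes (repeated two-factor approval requests that are refused or ignored, followed by one that is accepted) is something defenders can look for in authentication logs. The following is an added example, not code from Uber or from the original article; the event fields, result values, thresholds and sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (ISO timestamp, user, push result)
SAMPLE_EVENTS = [
    ("2022-01-01T18:01:10", "contractor1", "denied"),
    ("2022-01-01T18:02:05", "contractor1", "timeout"),
    ("2022-01-01T18:03:40", "contractor1", "denied"),
    ("2022-01-01T18:05:12", "contractor1", "denied"),
    ("2022-01-01T18:09:30", "contractor1", "approved"),
    ("2022-01-01T09:00:00", "employee2", "approved"),
    ("2022-01-01T13:00:00", "employee3", "denied"),
    ("2022-01-01T17:30:00", "employee3", "approved"),
]


def find_push_fatigue(events, window=timedelta(minutes=15), min_rejected=3):
    """Return (user, approval_time, rejected_count) for every approval that
    follows at least min_rejected denied or unanswered pushes within window."""
    recent = {}  # user -> timestamps of rejected pushes still inside the window
    alerts = []
    for ts, user, result in sorted(events):  # ISO timestamps sort chronologically
        now = datetime.fromisoformat(ts)
        # Forget rejections that are older than the look-back window.
        rejected = [t for t in recent.get(user, []) if now - t <= window]
        if result == "approved":
            if len(rejected) >= min_rejected:
                alerts.append((user, ts, len(rejected)))
            rejected = []  # a login succeeded, so start counting afresh
        else:
            rejected.append(now)  # "denied" and "timeout" both count
        recent[user] = rejected
    return alerts


if __name__ == "__main__":
    for user, ts, count in find_push_fatigue(SAMPLE_EVENTS):
        print(f"ALERT {user}: approval at {ts} after {count} rejected pushes")
```

An alert of this kind is a prompt to confirm the login with the user and revoke the session if they did not initiate it; the window and threshold need tuning against normal behaviour in the environment.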

Who was behind the Uber cyberattack?

An investigation into the incident is ongoing, and Uber said “we believe that this attacker (or attackers) are affiliated with a hacking group called Lapsus$”.

As reported by Tech Monitor, Lapsus$ went on a high-profile hacking spree earlier this year, targeting the likes of Microsoft, Samsung and digital identity provider Okta. Reports at the time suggested the group’s mastermind was a 16-year-old boy, and in March, UK police arrested seven teenagers purported to have links to the gang.

The group has also been linked to a hack on software developer Rockstar Games this weekend, which saw videos of the development of hotly anticipated game Grand Theft Auto VI, as well as source code purporting to be from GTA V, leaked online.

“We recently suffered a network intrusion in which an unauthorised third party illegally accessed and downloaded confidential information from our systems, including early development footage for the next Grand Theft Auto,” Rockstar said in a statement. “At this time, we do not anticipate any disruption to our live game services nor any long-term effect on the development of our ongoing projects.”

Uber’s security update noted: “We are in close coordination with the FBI and US Department of Justice on this matter and will continue to support their efforts.”
