Uber blames security breach on Lapsus$, says it bought credentials on the dark web

The security breach that hit Uber last week was the work of Lapsus$, Uber said in a blog post Monday. The South American hacking group has attacked a number of technology giants in the past year, including Microsoft, Samsung, and Okta.

Uber said it is in close coordination with the FBI and US Justice Department on the matter.

While the attackers accessed several internal systems, Uber said it does not appear they infiltrated any public-facing systems, user accounts, or databases that store sensitive user information like credit card numbers. Additionally, Uber said it doesn’t appear that the attackers accessed any customer or user data stored by its cloud providers.

Read more…
Source: ZDNet