Security News > 2022 > September > Uber links breach to Lapsus$ group, blames contractor for hack
Uber believes the hacker behind last week's breach is affiliated with the Lapsus$ extortion group, known for breaching other high-profile tech companies such as Microsoft, Cisco, NVIDIA, Samsung, and Okta.
The company added that the attacker used the stolen credentials of an Uber EXT contractor in an MFA fatigue attack where the contractor was flooded with two-factor authentication login requests until one of them was accepted.
"From there, the attacker accessed several other employee accounts which ultimately gave the attacker elevated permissions to a number of tools, including G-Suite and Slack," Uber explained in an update to the original statement.
We identified any employee accounts that were compromised or potentially compromised and either blocked their access to Uber systems or required a password reset.
Throughout, we were able to keep all of our public-facing Uber, Uber Eats, and Uber Freight services operational and running smoothly.
HackerOne has since disabled the Uber bug bounty program, thus cutting off access to the disclosed Uber vulnerabilities.