We’re working with several leading digital forensics firms as part of the investigation. We are in close coordination with the FBI and US Department of Justice on this matter and will continue to support their efforts. There are also reports over the weekend that this same actor breached video game maker Rockstar Games. This group typically uses similar techniques to target technology companies, and in 2022 alone has breached Microsoft, Cisco, Samsung, Nvidia and Okta, among others. We believe that this attacker (or attackers) are affiliated with a hacking group called Lapsus$, which has been increasingly active over the last year or so. Because we took down some internal tools, customer support operations were minimally impacted and are now back to normal. Throughout, we were able to keep all of our public-facing Uber, Uber Eats, and Uber Freight services operational and running smoothly. However, any bug reports the attacker was able to access have been remediated. The attacker was able to access our dashboard at HackerOne, where security researchers report bugs and vulnerabilities. We are currently analyzing those downloads. It does appear that the attacker downloaded some internal Slack messages, as well as accessed or downloaded information from an internal tool our finance team uses to manage some invoices. We also have not found that the attacker accessed any customer or user data stored by our cloud providers (e.g. We reviewed our codebase and have not found that the attacker made any changes. We also encrypt credit card information and personal health data, offering a further layer of protection. public-facing) systems that power our apps any user accounts or the databases we use to store sensitive user information, like credit card numbers, user bank account info, or trip history. While the investigation is still ongoing, we do have some details of our current findings that we can share.įirst and foremost, we’ve not seen that the attacker accessed the production (i.e. The attacker accessed several internal systems, and our investigation has focused on determining whether there was any material impact.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |