IOTW: Hacker reportedly hits both Uber and Rockstar

It has been alleged that the hacker who gained unauthorized access to rideshare service Uber’s servers was also responsible for a similar hack into the systems of Rockstar Games, the developer of the Grand Theft Auto (GTA) game series.

The Rockstar Games hack was discovered on September 19, 2022 after a user named teapotuberhacker posted on the Grand Theft Auto game series fan site GTAForums:

“Here’s 90 footage/clips from GTA 6. It’s possible I may leak more data soon, GTA 5 and 6 source code and assets, GTA 6 test build.”

In the post’s comments, the hacker claimed they had “downloaded [the gameplay videos] from Slack” by hacking into a channel used to communicate about the game.

Teapotuberhacker also allegedly attempted to “negotiate an agreement” with Rockstar Games regarding the return of the source code and assets. However, after Rockstar Games failed to communicate with them, they announced that they would be selling the GTA 6 source code and documents they had downloaded.

Bloomberg journalist Jason Schreier initially confirmed the hack in a tweet, saying he had “confirmed with Rockstar sources that this weekend’s massive Grand Theft Auto VI leak is indeed real”. Rockstar Games later made a statement via Twitter.

It said Rockstar had suffered a “network intrusion” that had allowed an unauthorized third party to “unlawfully access and download confidential information from [its] systems”, including the leaked GTA 6 footage.

Rockstar confirmed that they will continue to work on the game, and GTA’s publisher Take Two has issued takedown notices to have clips of the game removed from social media.

What happened in the Uber hack?

The hack into Uber’s database took place on September 15, 2022 and involved a compromised Uber EXT account that led to internal servers being accessed.
In a statement, the rideshare service company said the contractor’s password was exposed when their personal device was infected with malware, and that it was then sold on the dark web.

When they tried to log in with the stolen credentials, the hacker used a technique called multi-factor authentication (MFA) fatigue, in which they spammed the contractor with requests for two-factor authentication. While this initially blocked access, the contractor eventually accepted one of the requests, giving the hacker access to Uber’s systems.
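The pattern described above, a burst of rejected or ignored push prompts to one user followed by an approval, can be flagged from authentication logs. The following is an added example, not code from Uber or from the original article; the log format, event names, threshold and time window are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical "timestamp user result" format.
SAMPLE_LOG = """\
2022-09-15T01:00:05 contractor1 push_denied
2022-09-15T01:01:10 contractor1 push_timeout
2022-09-15T01:02:00 contractor1 push_denied
2022-09-15T01:03:30 contractor1 push_timeout
2022-09-15T01:04:15 contractor1 push_denied
2022-09-15T01:05:00 contractor1 push_approved
2022-09-15T09:00:00 alice push_timeout
2022-09-15T09:00:30 alice push_approved
2022-09-15T10:00:00 bob push_denied
2022-09-15T10:01:00 bob push_denied
2022-09-15T13:00:00 bob push_approved
"""

UNANSWERED = {"push_denied", "push_timeout"}  # assumed event names


def detect_mfa_fatigue(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return alerts for approvals that follow at least `threshold` rejected
    or ignored pushes to the same user inside the sliding window."""
    recent = defaultdict(deque)  # user -> timestamps of rejected/ignored pushes
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ts, user, result = datetime.fromisoformat(parts[0]), parts[1], parts[2]
        q = recent[user]
        while q and ts - q[0] > window:  # expire events outside the window
            q.popleft()
        if result in UNANSWERED:
            q.append(ts)
        elif result == "push_approved":
            if len(q) >= threshold:
                alerts.append({"user": user, "approved_at": parts[0],
                               "prior_prompts": len(q)})
            q.clear()  # a successful login starts a fresh count
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_LOG):
        print(alert)
```

In the constructed sample only contractor1 is flagged: a single missed prompt before an approval (alice) and old denials that have aged out of the window (bob) do not raise an alert.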

According to Uber, the hacker then “gained access to several other employee accounts that ultimately granted the attacker elevated permissions to a variety of tools, including G-Suite and Slack,” and then “posted a message to a company-wide Slack channel … reconfiguring Uber’s OpenDNS to display a graphic image to employees on some internal websites”.

Uber responded to the hack by identifying the accounts that were compromised and blocking their access to Uber’s internal network. It then disabled and reset access to affected internal tools, locked the code database to prevent changes, and added additional monitoring to the internal environment.

An investigation into the hack is still ongoing, but Uber noted that it had seen no evidence that the hacker had “gained access to the production … systems that run [its] apps”. This means that the hacker most likely did not obtain any customer personal information or make any changes to the code base.

Additionally, while the hacker was able to access Uber’s HackerOne database, which the company uses to report any vulnerabilities, “all bug reports the attacker accessed have been patched”.

The hack was linked to the Lapsus$ hacking group by Uber, which “typically uses similar techniques to target tech companies”. The group has been responsible for a number of hacks against tech companies in 2022, including Samsung, Microsoft, RobinHood, MailChimp and Okta. Uber also suggested that Lapsus$ was responsible for the hack of Rockstar Games.

What is Lapsus$?

Lapsus$ is a malicious hacker group that has been classified as DEV-0537 by Microsoft. The group is known for using social engineering attacks to gain access to employee credentials at the companies they target.

According to Microsoft, Lapsus$ frequently “announc[es] their attacks on social media or advertis[es] their intention to purchase credentials from employees of target organizations”.

Lapsus$ has been linked to a number of high-profile hacking cases, including one in March this year where the group hacked both Okta and Microsoft within a week. In both cases, a single employee’s account was compromised, leading to access to both companies’ internal servers.
