The infamous Teen Hacking Group may be behind the latest Rockstar Games and Uber Hacks
If you don’t live under a rock, you’ve probably heard of the massif Rock star hack that resulted in the leak of over 90 videos of the long-awaited Grand Theft Auto VI game. We’ve covered the story in much more detail, which you can read here. While the breach is still being investigated, it appears the hacker was able to gain access Rockstar Games internal Slack messagesand access all the content from there.
An Uber EXT provider had their account compromised by an attacker. It is likely that the attacker acquired the contractor’s Uber corporate password on the dark web, after the contractor’s personal device was infected with malware, exposing those credentials. The attacker then repeatedly attempted to log into the contractor’s Uber account. Each time, the contractor received a two-factor login authorization request, which initially blocked access. Eventually, however, the contractor accepted one, and the attacker logged on.
– Uber Newsroom
In another hack, in the same breath, Ubers internal systems were compromised. This time, too, the hacker gained access to all this information breaking into company Slack channels. While the full extent of the hack is still being investigated, screenshots leaked by the attacker paint a very disturbing picture. In addition, US investigative authorities now believe that both the Rockstar Games and Uber hacks may have been carried out by the same group, called Lapsus$ crime group.
And for good reason, too, as previous hacks by the group on other companies follow a similar modus operandi, where the attackers gain access to the company’s internal messaging platforms through phishing methods.
The group’s mastermind, a 16-year-old boy, was arrested earlier this year by British police in Oxford. Police in the City of London also arrested seven other teenagers for allegedly sharing links with the notorious hacking group. It is possible that the recent attacks were carried out by other members of the Lapsus$ crime group, or that this is a completely different group trying to impersonate the Lapsus$ members, following their modus operandi.
Whenever such major breaches occur, there is actually a very serious investigation by the Feds and other US authorities. In most cases, the attackers are caught, unless they are state-sponsored attackers or located in places where extradition is not an option. As for the current Uber and Rock star hacks, both the FBI and the Justice Department are investigating it, though they have nothing new to share at this time.