Uber and Rockstar hacks show employee messages privacy needs work

Uber and Rockstar hacks show employee messages privacy needs work

Last week was not easy for Big Tech. Within seven days both Uber and Rockstar Games were hacked. The transport giant confirmed that its internal Slack messages were infiltrated, as well as a tool used by the finance team to manage invoices.

Both breaches highlight the need for companies of all sizes not to take cybersecurity lightly.

Uber was infiltrated last Thursday, forcing it to immediately shut down many of its internal systems, including Slack and Google Cloud Platform.

Rockstar also gained access to internal Slack messages, leading to one of the biggest game leaks in history, with over 90 videos of pre-alpha Grand Theft Auto 6 (GTA 6) footage online.

Uber said the infamous Lapsus$ hacking group was to blame for the breach in its systems last week. The group, which also claims to be behind the Rockstar hack, is known to target the Brazilian Ministry of Health in late 2021. The ransomware attack put millions of citizens’ vaccination data at risk.

While it has not been confirmed that Lapsus$ is also behind the Rockstar hack, Uber acknowledged the potential link in a statement on Monday.

Early development evidence for GTA 6, one of the most anticipated video games of all time, caused the expected frenzy and chatter online – but the two hacks have experts questioning the security of the tech giants and their customers.

Big Tech should take privacy on employee messaging platforms seriously

Both Rockstar Games and Uber had their Slack messaging platforms infiltrated. Rockstar claims they are unclear about how the “network breach” happened. Uber said an EXT provider had its account compromised, likely by having its company password purchased on the dark web.

“The news of the Uber data breach serves as a reminder that any organization – even a large company with a dedicated security team – is at risk of falling victim to a social engineering attack,” said Lawrence Perret-Hall, director at CYFOR Secure.

The fact that both companies fell victim to internal messaging systems being hacked has prompted cybersecurity experts to speak out about the need for stronger security.

Erfan Shadabi, cybersecurity expert at comforte AG, said Verdict:Gaming organizations should take the privacy of employee messaging platforms (where highly sought-after information is stored and shared) as seriously as they would the privacy of their users.”

This should be done by going beyond just “the minimum level of security and reviewing all service providers frequently,” Shadabi added.

The expert believes a data-centric approach that protects the data itself “instead of the perimeter around it” is the way to go.

Shadabi noted, “With methods like tokenization or format-preserving encryption, you obscure the sensitive parts and make it unintelligible and useless to hackers.

“Even better, data-centric security doesn’t rely on protected borders and traveling with the data.”

Tom Huckle, director of information security and compliance EMEA at cybersecurity firm BlueVoyant, notes that recent attacks against Uber and Rockstar have proven that even with multifactor authorization in place, the extra layer of security can be bypassed.

Huckle explained: “The best defense for businesses is a comprehensive cyber security program that is adequately resourced and one that continuously assesses the threats to the business, adapts to them and fosters a culture of awareness and healthy skepticism among employees.

“Security is fluid and never static,” he said, “what may work one day as a defense may fail the next.”

GlobalData is the parent company of Verdict and its sister publications.

See also  Remember Sega's terrible MCU games

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *