Uber, GTA6 hack blamed on international hacking collective
Transport giant Uber has accused a collective known as Lapsus$, which has previously targeted Microsoft and Samsung, of hacking its systems last week in a breach that saw some systems shut down and employees – including in Australia – shown a lewd image of male genitalia.
A person posing as the Uber hacker this week released early gameplay footage from the next installment of the multibillion-dollar video game franchise Grand Theft Auto, along with messages suggesting an extortion campaign.
The three protagonists and anti-heroes of the latest Grand Theft Auto game.Credit:Rockstar games
Developer Rockstar Games confirmed late Monday, Australian time, that it had suffered a data breach, but that it would not affect development of the title. “We are extremely disappointed to have any details about our next game shared with you in this way,” the company said in a statement posted to social media. A spokesman for the company declined to answer specific questions.
On Tuesday, Uber also released more details about the hack via its blog. It said the attacker likely bought a stolen password belonging to an Uber provider on the dark web, a part of the Internet accessible only through special tools and often used for illegal purposes. The hacker then logged in, and after repeated attempts, the contractor finally and unknowingly authenticated the login.
Uber said its investigations showed no user data had been accessed, but admitted some data was obtained.
“It appears that the attacker downloaded some internal Slack messages, as well as accessed or downloaded information from an internal tool our finance team uses to manage some invoices,” the company said. “We are currently analyzing these downloads.”
“Throughout, we were able to keep all of our public Uber, Uber Eats and Uber Freight services operational and running smoothly. Because we took down some internal tools, customer support operations were minimally impacted and are now back to normal.”
Uber said the hackers’ methods were in line with Lapsus$, a loose hacking group that has involved teenagers breaching major tech companies to illustrate their skills. In addition to Microsoft and Samsung, it has also breached networking company Cisco and graphics card maker Nvidia this year, Uber said.
Some of Uber’s global systems were breached last week, with a post on the internal networking tool Slack from the alleged hacker claiming that “confidential data … has also been stolen” from several systems. Staff were presented with an image of a penis when they attempted to log into one system.
