[Security Weekly] Uber Suffers Unprecedented Security Breach By LAPSUS$ Affiliate
September 2022, Issue II
1. Uber suffers unprecedented massive data breach, entire network likely compromised
Ridesharing company Uber suffered a serious data breach on September 15, where the hacker potentially compromised its entire network including accounts for third-party services, all beginning from a phishing text message.
The hacker, who claimed to be 18 years old, sent screenshots to The New York Times and security experts demonstrating that they had gained full admin access to Uber’s AWS and GCP cloud systems. The hacker said they started the attack by sending a phishing text to an Uber employee while impersonating IT staff, persuading the employee to reveal their password.
After obtaining that one password, the hacker was able to connect to the internal VPN and found a wide array of high-privilege credentials on its file-sharing system. They eventually accessed virtually everything in the network, including workloads, engineering systems, and the corporate EDR console, along with Uber’s Slack workspace, its internal communication platform.
Security experts expressed concern that it is nearly impossible to determine what data was accessed, because the hacker also obtained access to the logging systems. This means the hacker could have deleted or altered the records of their own activity.
Uber was forced to temporarily shut down some of its crucial internal systems but said that its user-facing services remained operational. The company later stated that the hacker was in fact affiliated with the infamous LAPSUS$ hacker group, and reassured customers that the databases storing sensitive personal and financial data were not accessed.
2. Second-largest US school district hit by ransomware prior to new school year
The Los Angeles Unified School District (LAUSD), the second-largest school district in the US with more than 640,000 enrolled K-12 students, was hit by a ransomware attack during the Labour Day weekend. Despite major disruptions to its IT systems, school started as usual on September 6.
Although IT systems and email servers were down, LAUSD said that school was able to start because employee payroll and benefits, safety and emergency mechanisms, and offline instruction were not impacted. However, food services and other business operations were delayed.
LAUSD contacted the White House immediately, which led to a quick response from the Department of Education, FBI, and CISA. Although the school district did not explicitly identify the attackers, the FBI and CISA issued a warning on September 6 stating that the Vice Society ransomware gang has been actively targeting US school districts.
3. Over 219,000 customer records of Starbucks Singapore sold on hacking forum
Starbucks’ Singapore division confirmed a data breach impacting its registered customers in an email sent out on September 16. Compromised data included customer names, gender, dates of birth, mobile numbers, email addresses, and residential addresses.
The incident was first discovered when the attackers posted on a popular hacking forum on September 10, offering to sell a database containing the records of 219,675 Singaporean Starbucks customers. The forum’s owner also confirmed the validity of the database. The attackers later claimed to have already sold one copy of the database for $3,500, and offered four more copies to potential buyers.
Starbucks said the breach impacted customers who had registered for an online shop account and completed at least one transaction via its website or mobile app. It reassured customers that the account credentials of its Starbucks Rewards loyalty program and any associated credit card information remained safe.
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Identity and Access Management: iSIGN+
Car, Energy, Factory, City Solutions: Penta IoT Security