This podcast episode discusses recent hacks against Uber and Rockstar Games, the techniques of the attackers and the possible connection to the Lapsus$ cybercrime group.
This week's Risk & Repeat podcast discusses the recent Uber and Rockstar Games hacks and the potential connection between the two incidents.
Initial reports of a hack against Uber came to light on Sept. 15 when HackerOne users noticed that an official Uber HackerOne account was responding to bug submission tickets and taunting the ride-hailing giant. Uber confirmed an incident that night, and HackerOne locked down Uber's data to prevent further damage.
However, it quickly became apparent that the compromise extended much further than the HackerOne account. Screenshots of Uber's AWS and Google Cloud Platform instances surfaced, and reports claimed that more services and internal tools were breached as well. In a Monday statement, Uber said it believes the threat actor is part of the Lapsus$ hacking group.
Another breach came at the expense of video game publisher Rockstar Games. Pre-release footage of an upcoming Grand Theft Auto game was leaked on a fan forum Sunday morning, and the leaker who initially published the footage claimed to have also been responsible for the Uber hack.
SearchSecurity editors Rob Wright and Alex Culafi discuss these attacks, young hackers allegedly compromising major companies and the strange, ever-evolving story of Lapsus$ on this podcast episode.
Alexander Culafi is a writer, journalist and podcaster based in Boston.