A hacker associated with the Lapsus$ hacking group was to blame for a breach of its internal systems last week, according to the company.
Several of the company's internal systems were taken offline after the hack was discovered.
It happened a few days before the video game maker was hit by a hacker. Dozens of videos of the company's new game were leaked online. The same attacker is mentioned in the security update but it is not clear if it is the same one.
As the investigation continues, the company is in close contact with the FBI.
The finance team used an internal tool to manage invoices and the hacker downloaded information from it. The company said that they are analyzing the downloads.
The Brazilian Ministry of Health was attacked by Lapsus$ in December of 2021. Several members of the group were arrested earlier this year.
New details about the hack were confirmed by the company. The dark web is where the attacker may have bought the corporate password for the contractor after his personal device was compromised.
The company said that the attacker tried to log in multiple times. The first time, the contractor received a two-factor login approval request. The attacker was able to log in after the contractor accepted one.
The alleged hacker tricked an employee of the company into giving him access to the systems by pretending to be an IT official.
The hacker was able to gain access to a number of internal company tools, including G Suite. A graphic image of employees was displayed on some internal sites after a message was posted to a company-wide chat channel.
The hacker posted a message on the company's internal chat system. The message that was circulating on social media said that it was a hacker and that the ride sharing company had suffered a data hack. The alleged hacker then listed confidential company information they said they had access to and posted a message on the internet.
The company forced employees who had their accounts compromised to change their passwords and restrict them from certain internal systems until they did so. Many of the internal services of the company were reset through the rotation of keys. Even though it claims to have not detected any changes as of yet, it locked down its own codebase.
The company claims that sensitive customer data is safe.
First and foremost, we’ve not seen that the attacker accessed the production (i.e. public-facing) systems that power our apps; any user accounts; or the databases we use to store sensitive user information, like credit card numbers, user bank account info, or trip history. We also encrypt credit card information and personal health data, offering a further layer of protection.
HackerOne is where security researchers report bugs and vulnerabilities. Any bug reports that the attacker was able to access have been fixed.
Several leading digital forensics firms are working with the company as part of its investigation.
The company said it would strengthen policies, practices, and technology to protect against future attacks.