Biggest Hacks of 2022 (Part 1)
Every day we are reminded that our security is more fragile than we think. It’s good to take some time to take stock a few times a year to get an accurate view of the cybersecurity landscape. Today, and in an upcoming companion blog, we will be covering four of the largest hacks that have hit the world of tech. This week we’re coving the Uber hack that has given the hacker access to all of Uber’s back-end passwords, and backdoor access to much of Uber’s operations. We will also be covering a slightly more mysterious hack that video game developer, Rockstar Games suffered that leaked tons of in-development projects and their in-network data.
Lapsus$ Uber Hack
On the morning of Monday, September 19, Uber posted a blog update to its website detailing a massive breach of Uber’s systems. This hack was a relatively simple social engineering attack that obtained an Uber EXT contractor’s credentials including their multi-factor authentication.
It was suspected that the hacker initially pulled the developer’s password from a cache on the dark net. It’s likely that the password was scraped from a device that had previously been the victim of a malware attack. Social engineering attacks are embarrassingly simple once a hacker has their hands on the right information. In this case, the Lapsus$ member fired off several login attempts, triggering the multi-factor authentication. After enough attempts, the contractor slipped up and accepted the multi-factor authentication and the breach was complete.
Once access to the contractor’s accounts had been granted, the hacker had nearly unlimited access to Uber’s systems. Uber claims that their security monitoring allowed them to respond to the issue, but notably, Uber’s statement does not claim to have excised the hacker or to have revoked their access entirely.
Some of Uber’s top priorities in the wake of this hack were to stop the bleeding so to speak. They checked their systems for similarly compromised accounts, forced password resets, and shuffled their internal access keys.
What Does This Mean?
The hacker had their fingers in everything, and its possible that, regardless of the key resets they may have their hands on a trove of internal data. Uber’s investigation found that no public-facing systems were touched, and their databases of sensitive user information like trip information and credit card numbers were similarly undisturbed.
Luckily, Uber is prepared for such a breach of those databases should it happen in the future. The personally identifying information that Uber’s customers trust them with is, fortunately, encrypted. In cases like these, encryption provides a secondary or tertiary layer of security.
It is lucky that Uber’s first sweep during this investigation has found no immediate negative effects, but the breach is a massively disappointing event, regardless. Uber processed $26.61 billion worth of bookings in 2020 along, and more than 1.44 billion rides are completed through Uber every quarter, meaning that even a small-scale breach or a fraction of leaked information would have far-reaching effects. The fact that this lone hacker got this far with a single password and a free afternoon does not bode well for their cybersecurity infrastructure.
Rockstar Games Data Leak
Rockstar Games is one of the most successful producers of video games on the planet. Their 2013 game Grand Theft Auto V has been generating well over $6 billion in revenue for the company on its own by maintaining a relatively simple massively multiplayer online mode. This developer has been working on the sequel to Grand Theft Auto V for the last few years, and it is, to this day, one of the most anticipated games in the industry.
About an hour of development footage has been leaked to the public and game journalists, giving the people an unprecedented look at the work Rockstar Games has been doing behind closed doors. The video game industry is famously secretive, so a breach of this magnitude from a studio with such vast resources comes as quite a shock to the cybersecurity world. Rockstar Games is incentivized to keep its title under lock and key to maximize press and public opinion when the game eventually releases.
This attack, interestingly, seems to have worked its way into Rockstar Games via its Slack channel. Details are slim from Rockstar, but the hacker, after leaking footage of the game, claims to have a hold of their source code. This source code is the backbone of the video game currently in development and may be used by the hacker as ransom collateral,
Battle Hackers With AXEL Go
AXEL Go is a cloud-based file storage and sharing system that acts as a secondary line of defense in the face of clever hacks. As we saw with the Uber hack, if crucial personally identifying data and sensitive information is stored in a properly sealed server structure, then even a successful hack will fizzle out. Our decentralized server structure creates an ecosystem of safety that can stand firm in the face of unexpected breaches. Anything from source code to employment information will be basically impenetrable on our decentralized servers and when combined with our AES-256 bit encryption.
Protect Your Business
AXEL Go is an incredibly versatile tool in the fight for cyber security. Implementing our decentralized, encrypted storage into a workplace will create a robust bulwark between sensitive workplace data and any clever exploits hackers can slip through the cracks.
AXEL Go is a file storage and sharing service designed to revolutionize how we think about security online. Our user experience design is focused on handing top-of-the-line security to any business of any size. Our AES-256 bit encryption and decentralized server structure thwart cyber attacks on big businesses as competently as it protects local operations. No matter how tight the budget for your practice may be, we are the perfect fit for secure, intuitive storage and file sharing. You can try AXEL Go premium for free for 14 days. See what security backed by our $10,000 guarantee can do for your business.
Sources
“Security Update | Uber Newsroom”. 2022. Uber Newsroom. https://www.uber.com/newsroom/security-update/
“Grand Theft Auto 6 Leak: Who Hacked Rockstar And What Was Stolen?”. 2022. The Guardian. https://www.theguardian.com/games/2022/sep/19/grand-theft-auto-6-leak-who-hacked-rockstar-and-what-was-stolen
Fung, Brian. 2022. “Uber Says Hacker Group Lapsus$ Behind Cybersecurity Incident | CNN Business”. CNN. https://www.cnn.com/2022/09/19/tech/uber-lapsus-cybersecurity-incident/index.html
Newman, Lily Hay. “Crypto.com Finally Admits It Lost $30 Million in a Hack.” Wired. Conde Nast, January 22, 2022. https://www.wired.com/story/crypto-hack-nso-group-security-news/.