Kaspersky speaks out on the recent Uber cyber attack

Cybersecurity company, Kaspersky, has spoken out on the recent Uber cybersecurity breach. 

Ride sharing service Uber is investigating the major cyber security breach that forced it to take a number of critical systems offline following the social engineering attack. Uber says it believes that the attacker (or attackers) are affiliated with a hacking group called Lapsus$, which has been increasingly active over the last year or so. This group typically uses similar techniques to target technology companies, and in 2022 alone has breached Microsoft, Cisco, Samsung, Nvidia and Okta, among others.

In a statement on its website, Uber said: "We are in close coordination with the FBI and US Department of Justice on this matter and will continue to support their efforts. We’re working with several leading digital forensics firms as part of the investigation. We will also take this opportunity to continue to strengthen our policies, practices, and technology to further protect Uber against future attacks."

Kaspersky's David Emm, Principal Security Research, says: "Consumers need to know they can entrust their personal data to the care of any service provider and should be safe in the knowledge that it is being stored securely.  Yet, in the past 12 months alone we have seen a number of companies, including four major airlines, hit by serious data breaches, which serves to highlight both the regularity with which businesses are being targeted by threat actors, and the inadequate security processes being relied upon to defend against these attacks.

“The most important thing right now is understanding the impact on customers and the steps required to remediate the issue as soon as possible.  It is entirely possible that the breach has revealed information on where people have been, and where homes are located, but it is also worth remaining vigilant to a second wave of threat which could come in the form of phishing messages purporting to be from Uber. For example, in the immediate aftermath of the breach, they might send messages claiming to be official Uber notices in response to the breach, using the credibility of the Uber brand to drive people to fake websites with encouragement to “click here to reset your information.

“Our recommendation, first and foremost, is to delete your Uber account and create a new one with immediate effect. It might sound drastic but if you care about your personal information it is a small price to pay and can be done quickly.  Then, as ever, we recommend setting passwords that are unique and hard for anyone to guess. When it comes to Uber accounts, we recommend people change any passwords that have been used elsewhere, to avoid a domino effect. Also, use this as an opportunity to set up two-factor authentication, something that is mandatory on some sites but voluntary on others.  

“And finally, when setting up an online account, consider using fake security questions – these providers do not need to know your mother’s actual maiden name or your real favourite car, and the same applies for personal information like your date of birth.  Unless this is for an official purpose like renewing your driving license, it is entirely reasonable to make one up to prevent data leaks.”