The attacker likely bought the contractor's password from the dark web after it was exposed via malware, Uber said in a statement on its website, adding that the company took steps to respond to the attack which included disabling affected internal tools and locking down its codebase.
"We've not seen that the attacker accessed the production (i.e. public-facing) systems that power our apps; any user accounts; or the databases we use to store sensitive user information, like credit card numbers, user bank account info, or trip history," said the company.
Uber said the attacker is affiliated with a hacking group named Lapsus$ which was also responsible for the recent attack on RockStar Games.
"We are in close coordination with the FBI and US Department of Justice on this matter and will continue to support their efforts," Uber said.
Shares of Uber fell about 2% in recent trading on Monday afternoon.
Price: 31.32, Change: -0.61, Percent Change: -1.91
|Insider Sell: Progyny|
|Insider Sell: Ptc|
|Sector Update: Tech Stocks, Chipmakers Dragged Lower...|
|Insider Buy: Opal Fuels|
|--GitLab Guides For Q4 Loss of $0.15-$0.14 on Revenu...|