Uber Lapsus$ social-engineering breach
An 18-year-old affiliated with Lapsus$ socially engineered an Uber contractor, defeated MFA through an hour-long push-bombing campaign, then found hardcoded admin credentials on an internal share that unlocked Uber's AWS, G-Suite, Slack, and HackerOne dashboards.
- Victim
- Uber Technologies