October 3, 2022 by Michael X. Heiligenstein
In September 2022, a hacker under the alias ‘teapotuberhacker’ compromised both Uber and Rockstar Games in short succession. The Uber breach appears to have been thorough, compromising their source code, internal databases, and more. The Rockstar breach appears smaller in scope, though it did include leaked footage of Grand Theft Auto 6.
More recently, American Airlines disclosed a small-scale data breach, and the Kiwi Farms harassment forum was hacked, exposing its users. There have been no major data breaches reported so far in October.
Below, you’ll find an overview of the latest data breaches, starting with the most recent. You can also see here for the biggest breaches of the year so far.
September 2022: Kiwi Farms Breached
On September 19, the owner of harassment forum Kiwi Farms acknowledged that the site had been hacked. Per his description, users’ passwords, emails, and IP addresses were exposed in the incident. In this case, it appears the hacker used session hijacking to steal the administrator credentials to the website.
September 2022: American Airlines Discloses Data Breach
On September 16, American Airlines notified customers and legal officials that they had discovered a breach in July of 2022. American Airlines has described the number of people affected as “very small”; per one legal filing, it would appear that the data of 1,708 customers and employees was exposed in the incident. The breach appears to have been the result of a phishing attack.
September 2022: Hacker Breaches Rockstar Games, Leaks GTA6 Footage
On September 18, a hacker under the alias ‘teapotuberhacker’ leaked roughly 50 minutes of footage of Grand Theft Auto 6, an upcoming game produced by Rockstar Games. They apparently obtained the footage by gaining access to the company’s Slack, where they proceeded to download the video clips. Rockstar acknowledged the leak in a statement released on Twitter.
The same hacker, who appears to be affiliated with the Lapsus$ group, managed to breach Uber in the same week — read on.
September 2022: Lapsus$-Affiliated Hacker Compromises Uber
On September 15, a hacker announced in Uber’s private Slack channel that he had breached the company. One security engineer described it to the New York Times as “a total compromise”, and stated that “They pretty much have full access to Uber.” Uber’s source code, internal databases, communication channels, and more were all compromised in the breach.
This appears to have been a social engineering attack. The hacker, who uses the alias ‘teapotuberhacker,’ was able to successfully get past multi-factor authentication by repeatedly spamming an Uber employee with requests to grant access, claiming to be an IT worker. This same hacker has also claimed credit for the Rockstar Games breach.
In a statement released September 17th, Uber said they had found “no evidence that the incident involved access to sensitive user data (like trip history).” Uber has linked this breach to the Lapsus$ group, which has compromised companies such as Nvidia, Samsung, and Microsoft.
September 2022: U-Haul Discloses Data Breach Including Driver’s License Numbers
On September 12, U-Haul notified customers that they had detected a breach that included customers’ names and driver’s license numbers — but not any credit card information. Apparently, the attackers had access to U-Haul’s rental contracts portal from November 2021 to April 2022. U-Haul discovered the breach in July, and, after investigating the incident, disclosed it in September.
September 2022: Alleged TikTok Breach Appears to Be False Alarm
On September 3rd, a hacker going by the alias “AgainstTheWest” claimed on Breach Forums to have breached TikTok. However, TikTok has disputed the breach, stating that “We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases.”
They aren’t the only ones to dispute this hacker’s claims. Troy Hunt, creator of Have I Been Pwned, investigated the data and deemed it “inconclusive”. And the owner of Breach Forums, the hacker “pompompurin”, banned AgainstTheWest for lying about multiple data breaches:
“Please note that the breach is not from TikTok, and that he most likely was lying or didn’t even investigate it before making such outrageous claims. AgainstTheWest has had a long history of lying about breaches or other things (Saying he’s a State sponsored hacking group… lol) and this was just the tipping point.”
As far as we can tell, the hacker scraped publicly available information from TikTok. But TikTok itself does not appear to have been hacked, and private data does not seem to have been leaked.
August 2022: 130+ Companies Compromised in 0ktapus Phishing Breach
On August 25, the cybersecurity company Group-IB published a report detailing a months-long phishing campaign that has compromised at least 130 companies, including Cloudflare, Doordash, Mailchimp, and Twilio.
The attackers, whom researchers have given the moniker ‘0ktapus’, executed their attack primarily by imitating the authentication service Okta. Via text message, they would direct their targets to a fake authentication page, where the victims would then enter their login credentials, giving the attackers access to their account.
These attackers have often used one compromised service to breach another. They leveraged their access to Twilio’s phone number verification services, for instance, to attempt to compromise 1,900 Signal users.
Money would appear to be the motive behind these attacks; Group-IB noted that many of the companies targeted were financial, providing crypto and investment services.
For the complete list, please visit https://firewalltimes.com/recent-data-breaches/