Uber blames security breach on Lapsus$, says it bought credentials on the dark web

The hacking group apparently gained access to several internal Uber systems after stealing a third-party contractor's credentials and then convincing the contractor to approve a two-factor authentication request.