Uber blames security breach on Lapsus$, says they bought credentials on the dark web

The hacker apparently gained access to several internal Uber systems after stealing a third-party contractor’s credentials and then convinced the contractor to approve a two-factor authentication request.

You can read the full article here.