"We believe that this attacker (or attackers) are affiliated with a hacking group called Lapsus$, which has been increasingly active over the last year or so," Uber wrote in its Monday update.
San Francisco-based Uber (UBER) also noted that while the investigation into the attack is still ongoing, the hacker did not access any of its public-facing systems that power its apps, user accounts or databases that store user information, like credit card information, bank accounts or trip history.
The attacker did not make any changes to its code nor did it access any customer user data stored on its Amazon (AMZN) Web Services account. However, it looks like the hacker did access some internal Slack messages and downloaded some information from its finance team used to manage invoices.
In addition, the hacker accessed its dashboard at HackerOne, where bugs and vulnerabilities are posted.
The company also said it is working with several digital forensics firms as part of its investigation.