The hacker apparently gained access to several internal Uber systems after stealing a third-party contractor’s credentials and then convinced the contractor to approve a two-factor authentication request.
Article Link: Uber blames security breach on Lapsus$, says they bought credentials on the dark web | ZDNET