"the attacker used the stolen credentials of an #Uber EXT contractor in an MFA Fatigue Attack where the contractor was flooded with Two-Factor Authentication (2FA) login requests until one of them was accepted"
https://www.bleepingcomputer.com/news/security/uber-links-breach-to-lapsus-group-blames-contractor-for-hack/
