Uber suffers data breach after attack on third-party vendor


Uber has suffered a new data breach after a threat actor released employee email addresses, IT asset information, and corporate reports online. All this was stolen from a third-party vendor.

The data, which a threat actor named “UberLeaks” claims was stolen from Uber and Uber Eats, was leaked on Saturday morning on a hacking forum known for publishing data breaches.

The leaked data includes numerous archives claiming to be source code related to mobile device management (MDM) platforms used by Uber and Uber Eats, and to third-party vendor services.


Separate topics were created, supposedly for Uber MDM at uberhub.uberinternal.com, Uber Eats MDM, and the third-party Teqtivity MDM platform.

Uber confirmed its data was stolen in a breach on Teqtivity, which provides asset management and tracking services for the company. The third-party company also soon said it was aware of the cybersecurity incident.

“We are aware of customer data that was compromised due to unauthorized access to our systems by a malicious third party. The third-party was able to gain access to our Teqtivity AWS backup server that housed Teqtivity code and data files related to Teqtivity customers,” Teqtivity said in a statement.

The firm added that the data exposed included device information such as serial number, make, models, and technical specs, and user data – first name, last name, work email address, and work location details. The investigation is ongoing, and a third-party forensics firm has been retained.

Each post on the hacking forum refers to a member of the Lapsus$ hacking group. The group is believed to be responsible for a number of high-profile attacks, including a September hit on Uber in which cybercriminals accessed the internal network and the company’s Slack server.

However, Uber says that the Lapsus$ group is not connected to this particular breach. The company has also said it has not seen any malicious access to its systems.

And yet, security researchers say that the leaked data contains enough information to conduct targeted phishing attacks on Uber employees.


In addition, Lior Yaari, Chief Executive and co-founder of Grip Security, an Israeli cybersecurity startup, noted that this latest breach highlights atypical tactics by the threat actor.

“The threat actor started with technographic profiling. Unlike traditional demographic profiling, targeting data types and industries that have it, technographic profiling is not based on industry, company size, tax status, geolocation, or other business-defining attributes. No, companies are now being targeted based on their technology and technology users,” Yaari said.