Uber Hit By New Data Breach After Attack on Third-Party Vendor

Ride-sharing platform Uber has suffered another data breach after a cyber-criminal posted sensitive company information, stolen from third-party vendor Teqtivity, on a dark web forum.

"We are aware of customer data that was compromised due to unauthorized access to our systems by a malicious third party," Teqtivity wrote on Monday.

"The third party was able to gain access to our Teqtivity AWS backup server that housed Teqtivity code and data files related to Teqtivity customers."

According to multiple sources, the leaked data also included archives claiming to be source code associated with mobile device management (MDM) platforms used by Uber, Uber Eats and third-party vendor services.

"Source code holds huge value to cyber-criminals as it forms part of a company's intellectual property," warned Raj Samani, SVP chief scientist at Rapid7.

"It can be used by threat actors to find security vulnerabilities (yet unknown) within an organization's product and can open the door to further cyber-attacks. Therefore, source code being leaked onto a hacking forum is an extremely worrying prospect for Uber."

Further, one of the documents included in the breach would have contained email addresses and Windows Active Directory information for more than 77,000 Uber employees.

"The leaked data's main value to cyber-criminals would be detailed information on Uber employees to conduct spear phishing," explained RiskLens CTO Bryan Smith.

"This is a good reminder for cyber-defenders to run quantitative analyses on likely phishing-risk scenarios."

The threat actors, operating under the pseudonym "UberLeaks," created four separate posts on the forum, each attributed to a different member of the infamous Lapsus$ hacking group.

"Compromised third parties and suppliers are also a big challenge for security organizations to identify as they often have authorized access to internal systems, even if orphaned or if the company is no longer a supplier," said Sanjay Raja, VP of product marketing and solutions at Gurucul.

"Security organizations need to incorporate identity and access analytics as part of their overall threat detection and response programs and identify risk behaviors as they evolve into malicious activity, regardless of insider or external threats."

Speaking to RestorePrivacy, Uber said the new data breach was unrelated to the September one, which was eventually attributed to Lapsus$ by the company.
