Skip to content

Uber suffers new data breach after attack on vendor, info leaked online

Table of Contents

"Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cybersecurity incident.

Early Saturday morning, a threat actor named 'UberLeaks' began leaking data they claimed was stolen from Uber and Uber Eats on a hacking forum known for publishing data breaches.

The leaked data includes numerous archives claiming to be source code associated with mobile device management platforms (MDM) used by Uber and Uber Eats and third-party vendor services.

The threat actor created four separate topics, allegedly for Uber MDM at uberhub.uberinternal.com and Uber Eats MDM, and the third-party Teqtivity MDM and TripActions MDM platforms.

Each post refers to a member of the Lapsus$ hacking group who is believed to be responsible for numerous high-profile attacks, including a September cyberattack on Uber where threat actors gained access to the internal network and the company's Slack server."

Uber data was stolen in Teqtivity breach

"Uber shared further information with BleepingComputer on how its data was stolen in a breach on Teqtivity, which provides asset management and tracking services for the company.

Uber referred BleepingComputer to a Teqtivity data breach notification, which explains that a threat actor gained access to a Teqtivity AWS backup server that stores data for its customers.

This allowed the threat actor to access the following information for companies using their platform.

  • Device information: Serial Number, Make, Models, Technical Specs
  • User Information: First Name, Last Name, Work Email Address, Work Location details

Uber told BleepingComputer that the source code leaked on the hacking forum was created by Teqtivity to manage Uber's services, explaining the many references to the ride-sharing company.

Uber has also reiterated that the Lapsus$ group was not related to this breach, even though the forum posts reference one of the threat actors associated with the group.

While the forum posts state that they breached 'uberinternal.com,' Uber has said that they have not seen any malicious access to their systems.

"The third-party is still investigating but has confirmed that the data we've seen to date came from its systems, and to date we have not seen any malicious access to Uber Internal systems," Uber told BleepingComputer."

Uber suffers new data breach after attack on vendor, info leaked online
Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cybersecurity incident.
Full arcticle can be read here

#Transport #DataBreach #ThirdParty #Misconfigured #AWS

Latest

2024-117: Zero-Day Vulnerabilities in Palo Alto Networks PAN-OS

2024-117: Zero-Day Vulnerabilities in Palo Alto Networks PAN-OS

Palo Alto Networks released security updates for two actively exploited zero-day vulnerabilities in Palo Alto Networks PAN-OS. If exploited, these vulnerabilities could allow a remote unauthenticated attacker to gain administrator privileges, or a PAN-OS administrator to perform actions on the firewall with root privileges. It recommended applying the updates and

Members Public
Modern zsarolóvírusok

Modern zsarolóvírusok

A Magyar Védelmi Beszerzési Ügnynökséget az INC Ransom csoport támadta és zsarolta meg 2024. októberében. Az elmúlt időszakban megszaporodtak azok a magyarországi zsarolóvírus támadások, amelyek során az INC és a vele csaknem 71%-ban azonos Lynx zsarolóvírusokat használták a támadók.

Members Public