Uber suffers ANOTHER data leak after supplier breach
At least 77,000 employees' personal info exposed
Ride-hailing firm Uber has been hit with yet another data breach, with stolen data shared on a hacking forum over the weekend.
A hacker named 'UberLeaks' published information belonging to Uber employees on BreachForums, a site that appeared in April after RaidForums was shut down.
Separating the latest data leak from the September security breach, Uber officials said the data published online this week was from an attack on Teqtivity - a provider of asset management and tracking services.
There is no indication that the latest incident is related to the September hack. However, Deryck Mitchelson, Field CISO at Check Point Software, said: "The most recent Uber breach should act as a stark reminder that just because you've been targeted once, doesn't mean you are now immune to another breach. Cybersecurity is a continuous journey of evaluation and action, and organisations cannot afford to let prevention slip down the priorities list."
BleepingComputer said the data posted online includes multiple archives that appear to be the source code for mobile device management (MDM) platforms used by Uber, Uber Eats and third-party vendor services.
The threat actor reportedly created four separate topics on BreachForums, one for each MDM platform: Teqtivity's, TripActions', Uber's and Uber Eats'.
Cybersecurity experts said the leaked data consists of source code, IT asset management reports, data destruction reports, Windows domain login identities and email addresses, and other corporate data.
More than 77,000 Uber employees' email addresses and Windows Active Directory information are included in just one of the documents.
Teqtivity blamed the leak on an unauthorised person gaining access to a backup server hosted by AWS that stored code and data files pertaining to Teqtivity's clients, including Uber. The company didn't say how the criminal had managed to breach the server.
Exposed data included user information such as name, work email address and location, and device information like serial number, make and model.
In one minor piece of good fortune, Teqtivity doesn't collect sensitive information such as bank account details or government identity numbers.
The company has now engaged a forensics firm to look at all logs and server configurations, and has also contacted law enforcement.
Todd M. Carroll, CISO/SVP of Global Cyber Operations at CybelAngel, said the breach was "once again, an example of not paying attention to your partners.
"We rely heavily on outsourcing, partnerships and vendors. Knowing your attack surface is not only smart, but obtainable today."
He added, "Uber has again made a choice of profit over security [by] exposing customer data."
'We sincerely apologise for any inconvenience this may cause and very much regret this situation has occurred. Your confidence in our ability to safeguard your company data and your peace of mind are very important to us,' the firm said.
Uber said Teqtivity created the leaked source code to manage Uber's services.
While the BreachForums posts mention one of the threat actors connected to the Lapsus$ group, which claimed responsibility for the September attack, Uber emphasised that the group was not involved in this incident.
As the leak contains the email addresses of thousands of Uber employees, experts warned the attackers could use the data to execute social engineering attacks.
It is unknown if Uber has any plans to train its staff on how to avoid falling prey to social engineering techniques, although seeing as that was how its systems were breached back in September, it would seem like now is as good a time as any.