Uber sees employee data leaked following cyberattack

A hacking forum has four new topics purporting to contain newly leaked corporate data from Uber and Uber Eats.

The company has confirmed a breach, revealing to BleepingComputer that data, including source code for mobile device management platforms (MDMs), IT asset management reports, data destruction reports, Windows Active Directory information, e-mail addresses, and “other corporate information” was stolen via a breach to an Amazon Web Services (AWS) server belonging to asset management and tracking service company Teqtivity.

The true extent of the breach is as yet unknown, but one document alone seen by BleepingComputer is stuffed with data for over 77,000 employees - although security researchers have confirmed that this particular breach should not affect customers.

Uber’s security woes

The incident is the third known breach to leak Uber personal data in recent years. 

In July 2022, TechRadar Pro reported that Uber confessed to covering up a “major” data breach that occurred in 2016 that led to customer data, including passwords, being leaked online, putting them at risk of identity theft

That leak was, however, uncovered well before then, resulting in a £385,000 fine from the UK’s Information Commissioner’s Office (ICO) in 2018.

In September 2022, the company confirmed that another data breach that affected customers, made possible by vulnerabilities to its critical endpoints,  had occurred that month. It later admitted that hacking collective Lapsus$ had gained access to its HackerOne dashboard, which provides insights into an organization’s digital security.

Forum posts relating to the December breach do reference at least one individual member of Lapsus$. However, Uber maintains that the September and December breaches are unrelated.

“We believe these files are related to an incident at a third-party vendor and are unrelated to our security incident in September. Based on our initial review of the information available, the code is not owned by Uber; however, we are continuing to look into this matter,” it said, while also claiming that it has not seen malicious or unusual activity on its own systems.

Nevertheless, the latest breach raises concerns around the continued reliance on cloud services offered by only a select number of companies, such as Amazon, despite security and outage concerns.

Uber employees are advised to be extra vigilant on the lookout for social engineering scams, such as phishing attacks, from threat actors looking to capitalise on the breach.



Comments