A new data breach occurred at Uber when a hacker exposed sensitive company information, including email addresses, to the public. As of this writing, the company’s investigation into the incident’s third-party vendor is ongoing.
A new data breach involving Uber Technologies Inc.’s third-party vendor caused the exposure of employee email addresses, company reports, and IT asset information.
Uber Cyberattack
The information was published on a hacking forum renowned for publicizing data breaches by a threat actor going by UberLeaks. According to the hackers, the news was taken from Uber and Uber Eats’ servers.
In addition to the previously mentioned information, it contains many archives containing the original source codes for the two programs and the third-party vendor’s services that use mobile device management.
Also, Teqtivity is an outside firm that keeps tabs on and administers IT tools like computers and phones. On Monday, the corporation officially acknowledged the hack.
The attack had an impact on more than 77,000 workers. As Uber’s spokesperson Carissa Simons put it, Based on our initial analysis of the material available, the code is not owned by Uber; nonetheless, we are continuing to look into this problem.
Teqtivity made it clear that they do not collect or keep personally identifiable information such as bank account details or government identity numbers. This implies that the most basic information about the user and their device is leaked.
- Specifics on the device, including its serial number, manufacturer, and model.
- Data on the User: Name, Surname, Company, and Address.
Meanwhile, Bleeping Computer revealed that no customer data was compromised and that the data leak exclusively involved internal company information. While this is true, the exposed data may also reveal potential targets for targeted phishing attempts designed to steal sensitive information such as login passwords.
Read more: Chinese hackers stole millions of US COVID-relief money, Secret Service claims
Previous Cyberattack
In addition, in September, Uber faced a security breach when a hacker claimed to have penetrated the company’s defenses. The intruder contacted employees through Slack, an internal messaging system.
The hacker claimed to be 18 years old and said that the company’s lax security was the motivation behind his attack. Concurrently, another individual assumed the role of the hacker and claimed that he gained access to the system because an employee disclosed a password.
Moreover, Uber has claimed that they do not believe these files are tied to the September hack and instead believe it is related to Teqtivity. Therefore this leak could still be relatively new.
To date, Uber has not observed any malicious access to its internal systems, and the third party is still investigating but has confirmed that the data we’ve seen came from its systems.
Read more: US Senators persuade Fidelity to stop Bitcoin from providing retirement plans.
