Uber Confirms Data Breach after Third-Party Vendor Gets Hacked

Uber recently suffered another data breach that the company confirmed is unrelated to a major data breach it suffered in September.

December 14, 2022

Uber recently suffered another data breach that the company confirmed is unrelated to its September data breach. The ride-hailing and food delivery company said the latest breach affected Teqtivity, a third-party tool it uses for asset management and tracking services.

According to a series of data leak posts on the hacking forum BreachForums discovered and reported by Bleeping Computer, a threat actor calling themselves UberLeaks was behind the Uber breach.

While the leak posts refer to the Lapsus$ cyber extortion group, which is responsible for multiple high-profile breaches and leaks in 2022 and possibly the September Uber breach, the company has denied that Lapsus$ was involved in the breach.

Teqtivity confirmed unauthorized access to its AWS backup server that hosted company code and customers’ data. Stored data that was breached included device information, including serial number, make, models, and technical specs; and user information, including first name, last name, work email address and work location details.

Robert Ames, threat researcher at SecurityScorecard, told Spiceworks, “Vendors and other third-parties are often granted the same access as employees but with fewer security measures, making them a weak link and therefore a popular target for threat actors. When hackers access a third party’s systems, they can access whatever data that system stores, even if it belongs to other organizations.”

According to BleepingComputer, one leaked document contains email addresses and Windows Active Directory information of more than 77,000 Uber employees. Other leaked data include IT asset management reports, data destruction reports, source code, Windows domain login names, and other corporate information.

One of the leak posts also mentions a breach of mobile device management (MDM) platform source code from uberinternal.com, a domain the company said it has no evidence was breached. The remaining three leak posts claim to contain data from three different platforms: Uber Eats MDM, Teqtivity MDM and TripActions MDM.

“With the leak of Windows Active Directory information, this could give threat actors an extra advantage if they were to try and compromise Uber’s internal infrastructure,” Tonia Dudley, CISO at Cofense, told Spiceworks. “If threat actors are able to map password leaks to current employees, they may be able to identify employees who re-used the same password.”


Stephan Chenette, co-founder and CTO at AttackIQ, added that Uber has been in the throes of malicious cyber activity several times. “Uber has suffered numerous breaches in recent years. Besides the high-profile breach that occurred three months ago that caused the company’s internal databases to be hacked, Uber also faced other significant attacks in the past, such as a massive data breach in 2016 that exposed the data of about 57 million customers and drivers.”

Consequently, Uber will continue to be a cybercriminal favorite. Erich Kron, security awareness advocate at KnowBe4, told Spiceworks, “Unfortunately due to historic events, Uber will continue to be not only a target, but also under a microscope when it comes to security incidents.”

The latest Teqtivity breach doesn’t affect Uber’s customers. However, it does impact Teqtivity’s customers, although affected organizations remain unknown.

“It is important that organizations trusted with sensitive data as well as their third-party vendors take proactive approaches to assessing and validating their security controls. This should include mapping organizational capabilities and security controls to specific attack scenarios to measure their preparedness to detect, prevent and respond to these threats,” Chenette added.

Nevertheless, experts opined that the scope of the breach, both in quantity and in the kind of data that was compromised, can give rise to follow-up cyberattacks through phishing and spear phishing.

Kron concluded, “Personal information on employees and customers can easily be used in creating more relevant and believable social engineering attacks in the future. People whose information may have been accessed or leaked should be made aware of the potential data misuse, and how it may impact them.”

“It is especially important for all employees to be on the lookout for phishing emails impersonating IT support,” Dudley added. “Indicators that an email may be a phishing attempt include an improper tone or greeting, grammar or spelling errors and inconsistencies in email addresses, links and domain names. Employees should also confirm all information directly with IT admins before responding to such emails.”


Sumeet Wadhwani

Asst. Editor, Spiceworks Ziff Davis
