Uber suffers new data breach as internal info gets leaked online

13 Dec 2022

Image: © Diego/Stock.adobe.com

The details of more than 77,000 Uber employees have reportedly been leaked online, marking another data breach for the company this year.

Uber has been hit with a data breach after a threat actor leaked employee data stolen from a third-party vendor.

The data includes the email addresses, corporate reports and IT asset information of more than 77,000 Uber employees, according to leaked documents seen by Bleeping Computer. The leaked data also reportedly includes corporate information such as source code and IT asset management reports.

The leak has been attributed to a cyberattack targeting Teqtivity, which is used by Uber for IT asset management services.

Teqtivity said a “malicious third party” was able to gain access to an AWS backup server, which housed company code and data files related to its customers.

The exposed information includesd the first name, last name, work email address and work location of users, along with details about their devices.

“Teqtivity does not collect or retain personal information such as home address, banking information, or government identification numbers,” the company said in a blogpost yesterday (12 December).

“We sincerely apologise for any inconvenience this may cause and very much regret this situation has occurred.”

The IT company said it has notified law enforcement and has hired a third-party forensics team to investigate the incident.

Another Uber data breach

The Uber data was shared in an online hacking forum by a threat actor using the name ‘UberLeaks’. These posts contained references to the Lapsus$ cybercrime gang, Bleeping Computer reports.

This cybercrime gang has taken responsibility for a number of high-profile cyberattacks over the past year, including the Nvidia cyberattack and a Samsung data breach in February.

Uber suffered a “cybersecurity incident” in September that forced it to shut down many of its internal tools, communications and engineering systems. The ride-hailing company claimed at the time that the attacker was affiliated with the Lapsus$ group.

Aside from the references to the gang in the online hacking forum, there is currently no evidence that Lapsus$ is involved in the latest Uber data breach.

Uber also told Bleeping Computer that it believes the latest files are “related to an incident at a third-party vendor and are unrelated to our security incident in September”.

Oz Alashe, CEO of cybersecurity company CybSafe, said the latest breach shows that there are “various ways malicious actors can gain access to sensitive information”.

“In this case, Uber was not targeted; instead, it was a third-party vendor. However, with the information accessed, including employee names and email addresses, Uber workers will be a line of defence in preventing more breaches.”

Alashe said Uber’s staff will need to keep an eye out for phishing emails, which will seek to gain “further access to sensitive information”.

Raj Samani, SVP chief scientist at cybersecurity company Rapid7, also highlighted the risk of company source code being leaked online.

“It can be used by threat actors to find security vulnerabilities, yet unknown, within an organisation’s product and can open the door to further cyberattacks,” Samani said. “Therefore, source code being leaked onto a hacking forum is an extremely worrying prospect for Uber.”

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com