Uber says compromised third-party to blame for data breach
Vulnerable third-party vendor Teqtivity sparks second major incident for Uber in the space of three months


Ride-hailing giant Uber has revealed it is responding to a data breach that it says occurred as a result of a compromised third-party vendor.
Over the weekend, a threat actor operating under the name ‘UberLeaks’ posted sensitive information to a popular hacking forum, which they claimed originated from Uber and Uber Eats.
The threat actors claimed that the data included source code and IT asset management reports, as well as domain login details, email addresses, and sensitive corporate information, according to a report from BleepingComputer.
The information, which has been analysed by security experts, is believed to include email addresses and information pertaining to more than 77,000 employees.
Initial reports suggest that the incident is not related to a previous breach disclosed by the firm in October.
A spokesperson for Uber told BleepingComputer that the breach is “related to an incident at a third-party vendor and unrelated to our security incident in September.”
“Based on our initial review of the information available, the code is not owned by Uber; however, we are continuing to look into this matter,” the spokesperson added.
Third-party vendor breach
Following a preliminary investigation into the breach, Uber has since confirmed that the incident came as a result of a compromised third-party vendor, Teqtivity.
Teqtivity is one of a number of third-party companies that Uber relies on to support services. The firm helps Uber track, monitor and manage IT assets, including mobile devices and computers.
In a statement, Teqtivity confirmed the breach and said it has launched an investigation into the matter.
“We are aware of customer data that was compromised due to unauthorised access to our systems by a malicious third party,” the company said.
“The third party was able to gain access to our Teqtivity AWS backup server that housed Teqtivity code and data files related to Teqtivity customers.”
According to the firm, exposed data includes information pertaining to:
- User information such as work location details, full names and work email addresses
- Device information, including serial numbers, make, models and technical specifications
Teqtivity revealed it is working with a third-party forensics team to investigate the breach. A third-party security team has also been retained to begin penetration testing of the firm’s infrastructure.
“Our investigation is ongoing. However, we have notified affected customers of the incident and have taken steps to ensure the situation is contained and have prevented this type of event from happening again,” the firm added in its statement.
Initial posts by ‘UberLeaks’ claimed that the threat actor(s) had breached Uber’s internal systems. However, the company insists that it is yet to observe any malicious activity on its network.
“The third-party is still investigating but has confirmed that the data we’ve seen came from its systems, and to date we have not seen any malicious access to Uber internal systems,” the firm told BleepingComputer.
Third-party security risks
This incident once again raises questions over third-party vulnerabilities and the potential risks posed to organisations.
In recent years, Marriott, Instagram and DoorDash have experienced data breaches as a result of third-party vendor vulnerabilities.
A recent study by Cyentia Institute found that nearly one-third (31%) of vendors are considered a “material risk” in the event of a data breach.
This growing issue has prompted organisations to implement measures to mitigate threats across the supply chain, with 79% stating that they now have formal programmes in place to manage third-party risk.
Similarly, nearly two-thirds (60%) said that managing third-party vendor risks has become a key priority for their organisation.
Ian McShane, VP of strategy at Arctic Wolf, warned that growing threats and high-profile compromises have highlighted the need for businesses to “understand who their suppliers are” and reduce risk by keeping tabs on vendors operating within their environments.
“In recent years, we’ve seen that companies are becoming more at risk of being either the ‘target’ or the ‘transport’ that allows other organisations to be hacked,” he explained.
“Vendor risk assessment is a critical aspect of any organisation's security operations and this must be a priority for 2023,” McShane added.

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.