Uber has been the subject of a new cyberattack. Early on Saturday morning, a threat actor going by the name of “UberLeaks” began publishing information on a hacking forum known for revealing data breaches.
The leaked data includes employee email addresses, company reports, and IT asset information stolen from a third-party vendor.
Specifics of the Uber Data Breach
The disclosed data includes numerous archives purported to be source code for mobile device management (MDM) platforms used by Uber, Uber Eats, and third-party vendor services.
The ‘UberLeaks’ hacker created four separate topics on the hacker forum, one for each MDM platform deployment it had breached.
“The threat actor created four separate topics, allegedly for Uber MDM at [uberhub.uberinternal.com] and Uber Eats MDM, and the third-party Teqtivity MDM and TripActions MDM platforms”, according to BleepingComputer.
The report states that each forum topic mentions a hacker from the Lapsus$ gang. Lapsus$ was behind numerous high-profile hacks and breaches of prominent companies, notably Uber. The most recent breach at Uber took place in September of this year.
Email addresses and Windows Active Directory data for more than 77,000 Uber employees are among the stolen information that BleepingComputer has seen.
“The newly leaked data consists of source code, IT asset management reports, data destruction reports, Windows domain login names and email addresses, and other corporate information”, reports BleepingComputer.
Notably, Uber told BleepingComputer that the information is new and was stolen from a third-party source, not taken as part of the breach in September.
“We believe these files are related to an incident at a third-party vendor and are unrelated to our security incident in September. Based on our initial review of the information available, the code is not owned by Uber; however, we are continuing to look into this matter,” Uber said.
According to security researchers who have investigated the disclosure, none of Uber’s customers are mentioned in the hacked data, which relates to internal business information.
Nevertheless, the exposed data reportedly contains enough detail to enable targeted phishing attacks against Uber employees aimed at obtaining more sensitive data, such as login credentials.
Uber also disclosed that threat actors had just breached Teqtivity, a platform it uses for asset management and tracking services, and had stolen its data. Uber pointed to a Teqtivity data breach notice made public this afternoon, which says that a threat actor gained access to a Teqtivity AWS backup server that Teqtivity uses to store data for its customers.
“The third party is still investigating but has confirmed that the data we’ve seen to date came from its systems, and to date, we have not seen any malicious access to Uber’s internal systems,” said Uber.
Hence, all Uber employees should double-check the information before replying to any email that claims to come from Uber IT support.