Uber Confirms Data Breach after Third-Party Vendor is Hacked

Uber has confirmed a data breach after a third-party vendor was hacked; this incident is not linked with the September data breach. Teqtivity, a third-party tool used by Uber for asset management and tracking, is the latest victim of the cyber attack.

BleepingComputer reported a series of data leak posts on BreachForums, a hacking forum platform. A threat actor named Uberleaks has been identified as being behind the Uber breach.

The leak post points towards the Lapsus$ cyber extortion group, responsible for multiple high-profile breaches and leaks in 2022 and possibly the September Uber breach, which suggests the group’s involvement in the breach.

Unauthorized access to Teqtivity’s backup server was confirmed, exposing device information and customer data. The exposed data included serial numbers, usernames, and passwords that were gathered by a third party in 2017. Teqtivity worked with AWS immediately upon discovering the breach in order to mitigate any risks.

According to Robert Ames, a threat researcher at SecurityScorecard, “Vendors and other organizations often have the same levels of access to enterprise systems as employees, which can create a weak link in security and make them a popular target for hackers. When hackers infiltrate a vendor or other organization’s system, they can extract all the data that the system contains – even from third parties.”

One leaked document contains email addresses and Windows Active Directory information of more than 77,000 Uber employees. Other leaked data include IT asset management reports, data destruction reports, source code, Windows domain login names, and other corporate data.

Another leak mentions the breach of a mobile device management platform, uberinternal.com, which Uber believes has not been breached. The remaining 3 leaks claim to have data from 3 different platforms: uberEATS MDM, Teqtivity, and TripActions MDM.

Tonia Dudley, CISO at Cofense, said, “The leak of Windows Active Directory information could give threat actors an advantage if they tried to compromise Uber’s internal infrastructure. If threat actors were able to map leaked passwords with current employees and discover employees who had used the same password for both data sets, that could be problematic.”

As a result, Uber will continue to be cybercriminals’ favorite target. Security awareness advocate Erich Kron told Spiceworks, “Unfortunately due to historic events, Uber will continue to be not only a target but also under a microscope when it comes to security incidents.”

This latest Teqtivity breach doesn’t affect Uber customers. The impact on Teqtivity’s customers is also unknown, and the affected organizations have not been revealed at this time.

Organizations with sensitive data and third-party vendors need to map their capabilities and security controls to specific scenarios in order to be prepared for attackers, according to Chenette.

In spite of this, experts predict that the scope and breadth of the breach could lead to follow-up cyberattacks through phishing or spear phishing.

Kron added, “Personal information on employees and customers can easily be misused to create more relevant and believable social engineering attacks in the future. Persons who may have been impacted or had their data leaked should be made aware of how the misuse of the data may impact them.”

Dudley concluded, “It’s especially important that all employees be on the lookout for phishing emails impersonating IT support. Indicators that an email may be a phishing attempt include an improper tone or greeting, incorrect grammar or spelling errors, and inconsistencies in email addresses, links, and domain names. Employees should also confirm all information directly with IT admins before responding to such emails.”
