In Uber’s latest data breach, hackers managed to expose employee email addresses, corporate reports and IT asset information, all of which was obtained through a third-party vendor.
On Saturday, stolen Uber data began to appear on at least one hacking forum. The data was initially believed to have come from the Uber and Uber Eats platforms, and was later determined to have come from the databases of a third-party vendor.
The group claiming responsibility for the breach calls itself “UberLeaks”. The leaked data includes archives that might contain source code associated with select mobile device management (MDM) platforms used by Uber, Uber Eats and third-party vendors.
On the hacking forum where the data was first spotted, each related post refers to a member of the Lapsus$ hacking group. Yet, despite the posts on the forum, Uber says that the Lapsus$ group is actually not related to this breach.
- 77,000 employees were affected by the breach.
- Attacks of this nature could lead to phishing, credential misuse and supply chain risks.
- The breach highlights the need for strong management of third-party risks.
Media reporting indicates that the newly leaked data includes source code, IT asset management reports, data destruction reports, Windows domain login names and email addresses, along with additional corporate information. The Windows Active Directory information for more than 77,000 Uber employees appears to have been placed in public view.
According to Uber, the company believes that the leak occurred due to a cyber security breach of a third-party vendor.
Uber data stolen from Teqtivity
The latest Uber breach is believed to have occurred through a platform known as Teqtivity, which assists Uber with asset management and provides tracking services. It appears that the threat actor gained access to a Teqtivity AWS backup server, which stores data for Teqtivity’s customers.
Employee data safety
Again, the Windows Active Directory information for more than 77,000 Uber employees was exposed. The information contains sufficient detail that cyber criminals can potentially leverage it to launch sophisticated phishing attacks directed towards Uber employees.
Attackers may attempt to cajole employees into divulging sensitive company information, such as login credentials for corporate accounts.
In turn, Uber employees are encouraged to remain wary of phishing emails. Such emails may impersonate Uber IT support. Employees should confirm the authenticity of emails directly with admins or other appropriate persons ahead of replying.
In the event that cyber criminals manage to use social engineering attacks to access Uber’s internal systems, experts worry that the company (or any company under similar circumstances) could become another supply chain threat vector.
Customer data safety
Cyber security researchers say that the leaked data is largely related to internal Uber corporate information. Customer information was not compromised.
“Happily, there doesn’t appear to be any customer information exposed in this breach,” wrote Chris Hauk, consumer privacy champion with Pixel Privacy.
Uber’s security challenges
This recent cyber security incident is not Uber’s first. The company has contended with several high-profile incidents across the past several years. In 2016, a third-party breach exposed data belonging to 57 million customers and drivers. In 2022, a social engineering attempt resulted in access to the company’s internal networks and channels.
At the core of the issue is that many organizations do not adequately secure third-party access to internal data. Many organizations offer third parties the same access as employees, but with fewer cyber security controls in place. As a result, the data is exposed to external threats. Broadly speaking, companies need to better prioritize cyber security for third-party and vendor groups.
Third-party and vendor security tips
- In order to better prepare for third-party and vendor threats, organizations can map operational capabilities and controls to specific attack scenarios. This will allow security professionals to gain sharper insight into how to prevent, detect and respond to these types of threats.
- Organizations should continuously monitor their third-party cyber security posture. This will provide visibility into the entire attack surface, and will potentially reduce the likelihood of cyber attacks.
- Tabletop exercises and threat emulation can also assist organizations in combating and contending with third-party threats.
- Organizations should review third-party vendors’ security practices and ensure that general cyber security awareness training and anti-phishing education are presented to employees throughout the year.