Four new threads on a hacker forum claim to include recently exposed Uber and Uber Eats company data.
A breach to an Amazon Web Services (AWS) server belonging to asset management and tracking service provider Teqtivity has been confirmed, with the company disclosing that data including source code for mobile device management platforms (MDMs), IT asset management reports, data destruction reports, Windows Active Directory information, e-mail addresses, and “other corporate information” was stolen.
Even though security researchers have determined that this particular breach should not harm consumers, the full scope of the leak is currently unknown. However, one document viewed by BleepingComputer has information for nearly 77,000 workers.
Security issues at Uber
This is the third time in recent years that a hacker has exposed user information from Uber.
However, the leak was discovered much earlier, and in 2018, the UK’s Information Commissioner’s Office (ICO) issued a punishment of £385,000 for the breach.
The corporation announced in September 2022 that it has suffered another client data breach due to flaws in its crucial endpoints. A hacker group called Lapsus$ subsequently claimed responsibility for breaching the company’s HackerOne dashboard.
At least one member of Lapsus$ is mentioned in forum discussions about the December hack. Uber, meanwhile, insists that the two data breaches in question—September and December—are completely unconnected.
There is no connection between these data with the security breach that occurred in September, since we think they are connected to an incident at a third-party vendor. It claims it has not noticed any harmful or anomalous behaviour on its own systems and that, based on its first analysis of the public material, the code is not owned by Uber.
Nonetheless, the current hack brings up worries about the continuous dependence on cloud services supplied by only a small few corporations, such as Amazon, despite security and downtime issues.
Due to the recent data breach, Uber has issued a warning to all workers to be on the watch for social engineering schemes, such as phishing attempts, that may be launched by threat actors.
Subtly charming pop culture geek. Amateur analyst. Freelance tv buff. Coffee lover