The hacking forum has four new topics purporting to contain newly leaked corporate data from Uber and Uber Eats.
The company confirmed the breach by disclosing Beeping Computer (opens in a new tab) this data, including the source code of mobile device management (MDM) platforms, IT management reports, data destruction reports, windows Active Directory information e-mail addresses, and “other corporate information”. stolen by burglary (opens in a new tab) down Amazon web services (AWS) owned by Teqtivity, an asset management and tracking company.
The true extent of the breach is not yet known, but only one document has been seen Beeping Computer is filled with the data of over 77,000 employees – although security researchers have confirmed that this particular breach should not affect customers.
Uber security issues
The incident is the third known leak of Uber’s personal information in recent years.
in July 2022 TechRadar Pro reported that Uber admitted to covering up a “serious” data breach that occurred in 2016, which led to the disclosure of customer data, including Passwordsthat have leaked online, putting them at risk of identity theft.
However, this leak was discovered long before that, which resulted in, among other things, £385,000 fine from the UK Information Commissioner’s Office (ICO) in 2018.
In September 2022, the company Confirmed that another data breach affecting customers was made possible by critical vulnerabilities endpoints, took place that month. Later He admitted this Lapsus$ hacking group gained access to the HackerOne dashboard, which provides insights into an organization’s digital security.
Forum posts about the December breach refer to at least one individual Lapsus$ member. However, Uber maintains that the September and December violations are not related.
“We believe these files are related to an incident with a third-party provider and are not related to our security incident in September. Based on our initial review of available information, the code is not owned by Uber; however, we are still investigating the matter,” he said, while claiming that he had not observed any malicious or unusual activity on his own systems.
Nevertheless, the latest breach raises concerns about continued reliance on cloud services offered by only a select number of companies, such as Amazon, despite security and concerns about failures.
Uber employees are advised to exercise extreme vigilance Social engineering fraud, e.g phishing attacks by cybercriminals seeking to exploit this breach.