Uber Data Breach Exposes 77,000 Employee Email Addresses and Other Company Data

An Uber data breach exposed tens of thousands of employee emails. The data was stolen from a third-party vendor, Teqtivity, which provides companies with IT asset management and smart vending solutions. The data leaked included 77,000 employee email addresses, corporate reports, and IT asset information.

Who orchestrated the hack? The posts that leaked the information referred to a member of the Lapsus$ hacking group, which is known to have perpetrated other attacks. That includes an attack that used a company Slack server to gain access to Uber’s internal network. Despite that, the company has mentioned that it does not believe Lapsus$ was related to the breach.

• The data was leaked on a hacking forum by someone under the username “UberLeak,” who claimed the data came from Uber and Uber Eats.
• There were also archives claiming to be source code associated with mobile device management platforms (MDM) used by Uber, Uber Eats, and third-party vendor services.

How did the hackers gain access to the data? Uber has been subject to cyberattacks and data breaches in the past, but this time, it is believed that the data came from the third-party vendor Teqtivity. The company commented, “Based on our initial review of the information available, the code is not owned by Uber; however, we are continuing to look into this matter.”

Teqtivity also released a breach notification detailing what happened. The company said that the hackers accessed a Teqtivity AWS backup server responsible for storing customer data.

Who will be impacted? The leaked data does not include anything related to customers, but it does contain corporate information and details that could be used to engage in phishing attacks on company employees for sensitive information. Therefore, employees will have to be careful about emails impersonating Uber IT support.

• While TripActions was mentioned in one of the topics, the company has spoken out and said that no corporate or customer data was exposed during the attack.
• The hacker also stated that they breached “uberinternal.com,” but the company has yet to detect any malicious activity on their systems.

Third parties bring additional risk: Third-party risks are often overlooked, leaving organizations vulnerable. They might be weaker targets, and if something happens, the ones left cleaning up the mess are those relying on the third party. The severity can be seen based on research showing that 54% of organizations have faced third-party breaches in the past year.

• The research also showed that third-party data breaches might be underreported.
• Many organizations do not have much confidence in third parties informing them of data breaches.

The US leads the world in data breaches: According to a recent study by Surfshark, the US has the highest breach count in the world, totaling 2.46 billion breached email accounts since 2004. Q3 of this year has seen 8.6 million US account leaks, which equates to around 66.5 accounts being hacked every minute. While Q4 has shown better results in the first two months at 43.3 accounts per minute, December might change that.

• Accounts often get breached more than once, which is partially due to the fact that the same email is often used on multiple accounts online.
• Nearly a third of breached accounts do not include the owner’s country of residence, so country-specific breaches could be much higher than the data indicates.

It shows that individuals and organizations are both at risk, with breaches all too common. Uber’s data breach is just one of the most-recent drops in a very large bucket.