Uber sees employee data leaked following cyberattack

A hacking discussion board has 4 new subjects purporting to include newly leaked company knowledge from Uber and Uber Eats.The corporate has confirmed a breach, revealing to BleepingComputer (opens in new tab) that knowledge, together with supply code for cell gadget administration platforms (MDMs), IT asset administration experiences, knowledge destruction experiences, Home windows Lively Listing info, e-mail addresses, and “different company info” was stolen through a breach (opens in new tab) to an Amazon Net Companies (AWS) server belonging to asset administration and monitoring service firm Teqtivity.

The true extent of the breach is as but unknown, however one doc alone seen by Bleeping Computer is full of knowledge for over 77,000 staff – though safety researchers have confirmed that this explicit breach shouldn’t have an effect on prospects. Uber’s safety woes The incident is the third identified breach to leak Uber private knowledge lately. In July 2022, TechRadar Professional reported that Uber confessed to masking up a “main” knowledge breach that occurred in 2016 that led to buyer knowledge, together with passwords, being leaked on-line, placing them liable to identification theft.

That leak was, nevertheless, uncovered effectively earlier than then, leading to a £385,000 nice from the UK’s Data Commissioner’s Workplace (ICO) in 2018.In September 2022, the corporate confirmed that one other knowledge breach that affected prospects, made doable by vulnerabilities to its important endpoints,  had occurred that month.

It later admitted that hacking collective Lapsus$ had gained entry to its HackerOne dashboard, which offers insights into a company’s digital safety.Discussion board posts referring to the December breach do reference at the least one particular person member of Lapsus$. Nevertheless, Uber maintains that the September and December breaches are unrelated.“We imagine these information are associated to an incident at a third-party vendor and are unrelated to our safety incident in September. Primarily based on our preliminary evaluation of the knowledge obtainable, the code shouldn’t be owned by Uber; nevertheless, we’re persevering with to look into this matter,” it stated, whereas additionally claiming that it has not seen malicious or uncommon exercise by itself methods.Nonetheless, the newest breach raises considerations across the continued reliance on cloud providers provided by solely a choose variety of corporations, comparable to Amazon, regardless of safety and outage considerations.Uber staff are suggested to be further vigilant looking out for social engineering scams, comparable to phishing assaults, from menace actors seeking to capitalise on the breach.