Uber Experiences Another Cyber Incident
Category: Data Breach | Industry: Transportation | Level: Strategic | Source: BleepingComputer
BleepingComputer reports Uber, the transportation provider, experienced its second cyber security incident in the last three months. Signs of the breach were discovered on Saturday, December 10th, as a threat actor under the account name 'UberLeaks' leaked company data for Uber and Uber Eats' mobile device management platforms (MDM) on a data breach forum. "The threat actor created four separate topics, allegedly for Uber MDM at uberhub.uberinternal[.]com and Uber Eats MDM, and the Teqtivity MDM and TripActions MDM platforms used by the company," Uber alleges the incident is the result of a breach from a third-party vendor. Data identified to be compromised in the incident include source codes, Windows domain login names, Windows Active Directory information, employee email addresses, corporate reports, IT reports, and information associated with the third-party's services.
This exposed dataset is alleged by Uber to be separate from its breach in September of 2022. In a statement by Uber, “We believe these files are related to an incident at a third-party vendor and are unrelated to our security incident in September. Based on our initial review of the information available, the code is not owned by Uber; however, we are continuing to look into this matter.” Current analysis of the data dump from security researchers did not identify any customer data. Unfortunately, the abundant Uber corporate information is and can readily be used by threat actors, "we are told that the leaked data contains enough detailed information to conduct targeted phishing attacks on Uber employees to acquire more sensitive information, such as login credentials." Interestingly each of the posts made by 'UberLeaks' contains a reference to the Lapsus$ hacking group. Although the group is framed as the culprit for Uber's September breach, their involvement in this incident is yet to be identified.