Uber falls victim to supply chain attack, employee details exposed • The Register

Uber, which has suffered some data thefts in its time, is this week dealing with the aftermath of more information being stolen, this time by one of its technology suppliers.

A cybercriminal calling itself “UberLeaks” leaked data over the weekend on BreachForums, a website that surfaced in April after another website, RaidForums, was shut down. Uber executives said the leaked information came not from September’s massive security breach but from an attack on Teqtivity, a vendor whose software allows companies to keep tabs on their IT assets like phones and computers, and which works for Uber runs.

The post on BreachForums implied that high-profile threat group Lapsus$ was involved, although there appears to be no other evidence to suggest this.

According to a statement from Teqtivity, an attacker gained access to a company’s backup server hosted by Amazon Web Services, which was storing code and data files from Teqtivity customers such as Uber.

We were told that no Uber customer data was affected, but information on more than 77,000 Uber and Uber Eats employees was leaked. Some data also related to third-party services and mobile device management platforms used by Uber.

Teqtivity “does not collect or store sensitive personal information such as bank account details or government identification numbers (e.g. social security numbers, tax ID numbers) and therefore does not collect or store consumer, driver or courier information,” an Uber spokesman said The registry.

According to Teqtivity, the data captured by the intruder includes device information such as serial numbers, makes, models, and technical specifications, as well as user information such as first and last names, work email addresses, and work locations.

The incident highlights the ongoing threat of third-party attacks, a threat brought to the fore by the 2020 SolarWinds attack, a cyberespionage incident that victimized sections of the US government.

According to a report this year from the Ponemon Institute, half of more than 1,000 organizations surveyed said they had been the victim of a third-party data breach in the past 12 months.

“Compromised third parties and suppliers are… a major challenge for security organizations to identify as they often have authorized access to internal systems even if they are orphaned or the organization is no longer a supplier,” Sanjay Raja, VP of Product Marketing and Solutions at by the security analysis company Gurucul The registry.

Though Uber user information hasn’t been leaked, the impact of the breach could spill over to them, according to Paul Bischoff, privacy officer at technology research firm Comparitech.

“Given that the data is now in the public domain and not sold to a single party, anyone could use it to launch targeted phishing attacks against Uber employees,” Bischoff said. “These attacks could trick Uber employees into divulging credentials, which would lead to further, more consequential attacks. Even if just a handful of the 77,000 affected employees were to fall victim to a phishing scam, it could hurt Uber

Uber is no stranger to data breaches. In 2016, the company discovered that 57 million customer and driver records had been stolen, although the company only admitted to the incident in November 2017. Joe Sullivan, Uber’s chief security officer at the time, was charged in 2020 with covering up the breach. He was found guilty of obstruction of justice and concealing a crime from law enforcement in October. Uber was also fined $148 million in 2018.

Teqtivity said it contacted law enforcement officials and hired a forensic firm to examine logs and server configurations and a security team to conduct a penetration test of the infrastructure.

Several cybersecurity experts said The registry that companies must prioritize vulnerability management and patching of third-party software and implement file-level protection and then validate that vendors are doing the same. They also need to know where they are at all times to protect their data.

However, even implementing such measures does not guarantee that an attacker will not access the data, according to David Maynor, senior director of threat intelligence at security training firm Cybrary.

“Third parties, first parties and college parties all suffer from the same problem: party crashers,” Maynor said The registry. “Party crashers are almost impossible to stop and can ruin everyone’s good time. Much like in real life, a victim of malicious party crashers can only clean up, assess their safety and better train their staff.” ®

https://www.theregister.com/2022/12/13/uber_data_breach_teqtivity/ Uber falls victim to supply chain attack, employee details exposed • The Register

Rick Schindler

World Time Todays is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – admin@worldtimetodays.com. The content will be deleted within 24 hours.

Related Articles

Back to top button