December 13, 2022

Uber has suffered a data breach after a third-party vendor, Teqtivity AWS backup server, was compromised.

Uber experienced yet another data breach, with a hacker sharing the stolen information on BreachForums, the successor forum to the now-defunct RaidForums. The data stolen from Uber and Uber Eats, according to a threat actor known as “UberLeaks.” The threat actor gained access to a Teqtivity AWS backup server, which stores customer data.

Numerous archives claiming to be source code for mobile device management platforms (MDM) used by Uber and Uber Eats, as well as third-party vendor services, have been leaked.

The threat actor allegedly created four distinct topics for Uber MDM at uberhub.uberinternal.com and Uber Eats MDM, as well as the third-party Teqtivity MDM and TripActions MDM platforms. All of this information is detailed enough to conduct targeted phishing attacks on Uber employees in order to obtain more sensitive information, such as login credentials.

“The threat actor started with technographic profiling. Unlike traditional demographic profiling, targeting data types and industries that have it, technographic profiling is not based on industry, company size, tax status, geolocation, or other business-defining attributes. No, companies are now being targeted based on their technology and technology users,” Lior Yaari, Chief Executive and co-founder of Grip Security, an Israeli cybersecurity startup said.

However, no Uber user information was discovered in the stolen data when compared to internal code and Uber corporate data. The stolen data did, however, include the personal information of 77,000 Uber employees.

The sources for this piece include an article in BleepingComputer