Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Uber Data Leaked Following Breach at Third-Party Vendor

Information apparently belonging to ride-hailing giant Uber has been leaked online and the source of the data is likely a third-party IT vendor.

Over the weekend, a user with the moniker ‘UberLeak’ made public on a hacker forum a 600 Mb archive file allegedly containing 20 million records of data coming from Uber systems.

Information apparently belonging to ride-hailing giant Uber has been leaked online and the source of the data is likely a third-party IT vendor.

Over the weekend, a user with the moniker ‘UberLeak’ made public on a hacker forum a 600 Mb archive file allegedly containing 20 million records of data coming from Uber systems.

An analysis of the files conducted by SecurityWeek shows source code, internal task management information, encryption keys, and over a dozen documents each containing hundreds or thousands of Uber email addresses.

One spreadsheet named ‘report’ contains what appears to be a list of more than 16,000 employee names and email addresses. Another spreadsheet named ‘users’ contains the names, email addresses and employee IDs for over 5,000 people.

Uber data leak

A very small archive file allegedly associated with the Uber Eats food delivery platform was also leaked by the same user, but it only appears to contain test data.

Uber confirmed in September that a hacker had accessed internal tools after an external contractor’s account was compromised.

However, in a statement to RestorePrivacy, Uber said the new leak is not related to the September incident. Instead, it appears the data originates from IT asset management software provider Teqtivity.

It’s worth noting that the same hacker also leaked 18 Mb and 25 Mb archive files allegedly containing data associated with Teqtivity and travel management company TripActions. These archives appear to contain application source code.

Teqtivity published a statement on Monday, confirming that customer data was compromised after a “malicious third party” gained access to its systems.

“The third party was able to gain access to our Teqtivity AWS backup server that housed Teqtivity code and data files related to Teqtivity customers,” the company said.

According to Teqtivity, the investigation is ongoing, but so far it has confirmed that the exposed files include device information such as serial number, make and model, and technical specification, as well as user information, including first and last name, work email address, and work location details. The firm said it does not collect personal information such as home addresses, government identification numbers or banking information.

Uber is still investigating the incident, but it said the source code does not seem to belong to the company.

TripActions told SecurityWeek that its data is not impacted by the breach: 

“Following investigations by both TripActions and Teqtivity, it has been determined that no TripActions data was exposed as part of this security incident nor were TripActions customers impacted as part of this security incident. TripActions does not maintain an MDM. We will continue to monitor the situation,” the company said in a statement.  

*updated with statement from TripActions

Related: Serious Breach at Uber Spotlights Hacker Social Deception

Related: Former Uber CISO Joe Sullivan Found Guilty Over Breach Cover-Up

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...