Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Uber Data Leaked Following Breach at Third-Party Vendor

Information apparently belonging to ride-hailing giant Uber has been leaked online and the source of the data is likely a third-party IT vendor.

Over the weekend, a user with the moniker ‘UberLeak’ made public on a hacker forum a 600 Mb archive file allegedly containing 20 million records of data coming from Uber systems.

Information apparently belonging to ride-hailing giant Uber has been leaked online and the source of the data is likely a third-party IT vendor.

Over the weekend, a user with the moniker ‘UberLeak’ made public on a hacker forum a 600 Mb archive file allegedly containing 20 million records of data coming from Uber systems.

An analysis of the files conducted by SecurityWeek shows source code, internal task management information, encryption keys, and over a dozen documents each containing hundreds or thousands of Uber email addresses.

One spreadsheet named ‘report’ contains what appears to be a list of more than 16,000 employee names and email addresses. Another spreadsheet named ‘users’ contains the names, email addresses and employee IDs for over 5,000 people.

Uber data leak

A very small archive file allegedly associated with the Uber Eats food delivery platform was also leaked by the same user, but it only appears to contain test data.

Uber confirmed in September that a hacker had accessed internal tools after an external contractor’s account was compromised.

However, in a statement to RestorePrivacy, Uber said the new leak is not related to the September incident. Instead, it appears the data originates from IT asset management software provider Teqtivity.

It’s worth noting that the same hacker also leaked 18 Mb and 25 Mb archive files allegedly containing data associated with Teqtivity and travel management company TripActions. These archives appear to contain application source code.

Advertisement. Scroll to continue reading.

Teqtivity published a statement on Monday, confirming that customer data was compromised after a “malicious third party” gained access to its systems.

“The third party was able to gain access to our Teqtivity AWS backup server that housed Teqtivity code and data files related to Teqtivity customers,” the company said.

According to Teqtivity, the investigation is ongoing, but so far it has confirmed that the exposed files include device information such as serial number, make and model, and technical specification, as well as user information, including first and last name, work email address, and work location details. The firm said it does not collect personal information such as home addresses, government identification numbers or banking information.

Uber is still investigating the incident, but it said the source code does not seem to belong to the company.

TripActions told SecurityWeek that its data is not impacted by the breach: 

“Following investigations by both TripActions and Teqtivity, it has been determined that no TripActions data was exposed as part of this security incident nor were TripActions customers impacted as part of this security incident. TripActions does not maintain an MDM. We will continue to monitor the situation,” the company said in a statement.  

*updated with statement from TripActions

Related: Serious Breach at Uber Spotlights Hacker Social Deception

Related: Former Uber CISO Joe Sullivan Found Guilty Over Breach Cover-Up

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...