Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Uber Data Leaked Following Breach at Third-Party Vendor

Information apparently belonging to ride-hailing giant Uber has been leaked online and the source of the data is likely a third-party IT vendor.

Over the weekend, a user with the moniker ‘UberLeak’ made public on a hacker forum a 600 Mb archive file allegedly containing 20 million records of data coming from Uber systems.

Information apparently belonging to ride-hailing giant Uber has been leaked online and the source of the data is likely a third-party IT vendor.

Over the weekend, a user with the moniker ‘UberLeak’ made public on a hacker forum a 600 Mb archive file allegedly containing 20 million records of data coming from Uber systems.

An analysis of the files conducted by SecurityWeek shows source code, internal task management information, encryption keys, and over a dozen documents each containing hundreds or thousands of Uber email addresses.

One spreadsheet named ‘report’ contains what appears to be a list of more than 16,000 employee names and email addresses. Another spreadsheet named ‘users’ contains the names, email addresses and employee IDs for over 5,000 people.

Uber data leak

A very small archive file allegedly associated with the Uber Eats food delivery platform was also leaked by the same user, but it only appears to contain test data.

Uber confirmed in September that a hacker had accessed internal tools after an external contractor’s account was compromised.

However, in a statement to RestorePrivacy, Uber said the new leak is not related to the September incident. Instead, it appears the data originates from IT asset management software provider Teqtivity.

It’s worth noting that the same hacker also leaked 18 Mb and 25 Mb archive files allegedly containing data associated with Teqtivity and travel management company TripActions. These archives appear to contain application source code.

Advertisement. Scroll to continue reading.

Teqtivity published a statement on Monday, confirming that customer data was compromised after a “malicious third party” gained access to its systems.

“The third party was able to gain access to our Teqtivity AWS backup server that housed Teqtivity code and data files related to Teqtivity customers,” the company said.

According to Teqtivity, the investigation is ongoing, but so far it has confirmed that the exposed files include device information such as serial number, make and model, and technical specification, as well as user information, including first and last name, work email address, and work location details. The firm said it does not collect personal information such as home addresses, government identification numbers or banking information.

Uber is still investigating the incident, but it said the source code does not seem to belong to the company.

TripActions told SecurityWeek that its data is not impacted by the breach: 

“Following investigations by both TripActions and Teqtivity, it has been determined that no TripActions data was exposed as part of this security incident nor were TripActions customers impacted as part of this security incident. TripActions does not maintain an MDM. We will continue to monitor the situation,” the company said in a statement.  

*updated with statement from TripActions

Related: Serious Breach at Uber Spotlights Hacker Social Deception

Related: Former Uber CISO Joe Sullivan Found Guilty Over Breach Cover-Up

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Stephanie Crowe has been appointed head of the Australian Cyber Security Centre (ACSC).

Cloud security giant Wiz has named Fazal Merchant as President and Chief Financial Officer.

Cybersecurity and data protection company Acronis has appointed Gerald Beuchelt as CISO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.