Uber Technologies recently suffered a new data breach after a malicious actor leaked its employees' email addresses, IT asset information and corporate reports. The compromised data was originally stolen in a cyberattack on a third-party vendor connected to Uber. It is vital for all enterprises and organisations to ensure that any other firms they work with adopt the same level of cybersecurity as they do to avoid incidents like data breaches.
Personal and company data disclosed on the web
On December 10, 2022, a threat operator calling themselves ‘UberLeaks’ started leaking data that was allegedly stolen from Uber Eats and Uber. The data was posted on a hacking forum that is well-known for publishing information obtained through data breaches.
The leaked data includes several archive files claiming to contain source code associated with the mobile device management (MDM) platforms currently employed by Uber Eats and Uber and some of its third-party vendor services.
The malicious actor created four separate topics, allegedly for MDM platforms used by Uber: Uber MDM at uberhub.uberinternal.com, TripActions MDM, Uber Eats MDM, and Teqtivity MDM.
Uber’s data leaked via a hacking forum
Every post listed by the malicious actor refers to a specific member of the infamous Lapsus$ hacking group. Lapsus$ is believed by many experts to be responsible for multiple high-profile attacks. These incidents include a cyberattack in September on Uber, where hackers obtained access to the company’s internal network and its Slack server.
Reports by computing help site BleepingComputer suggest that the recently leaked data includes source code, data destruction and IT asset management reports, login names for company Windows domains, and employee email addresses, among other corporate information.
The documents viewed by the help site included Windows Active Directory information and email addresses for more than 77,000 employees of Uber.
Early assessment led experts to believe that the data viewed was stolen in the September attack. However, Uber believes it is directly related to a third-party vendor suffering a security breach.
“We believe these files are related to an incident at a third-party vendor and are unrelated to our security incident in September. Based on our initial review of the information available, the code is not owned by Uber; however, we are continuing to look into this matter.”
Cybersecurity researchers who have analysed the data breach have weighed in, stating that the leaked information concerns internal Uber corporate information. It does not include data on any of the company’s customers.
However, those who have viewed the compromised files leaked online have confirmed that the exposed information contains enough details to be dangerous to Uber staff members. It could be used to carry out targeted phishing attacks on them with the aim of obtaining even more sensitive data, like login credentials.
For this reason, all employees of Uber whose information was exposed are advised to keep their eyes open for phishing emails that impersonate Uber IT support. Instead of directly replying to emails, they should confirm any requests for information with Uber IT admins.