1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Uber sees employee data leaked following cyberattack

    From TechnologyDaily@1337:1/100 to All on Tue Dec 13 18:15:04 2022
    Uber sees employee data leaked following cyberattack

    Date:
    Tue, 13 Dec 2022 17:56:41 +0000

    Description:
    Attack on third party vendor means Uber appears to have suffered another data leak.

    FULL STORY ======================================================================

    A hacking forum has four new topics purporting to contain newly leaked corporate data from Uber and Uber Eats.

    The company has confirmed a breach, revealing to BleepingComputer that data, including source code for mobile device management platforms (MDMs), IT asset management reports, data destruction reports, Windows Active Directory information, e-mail addresses, and other corporate information was stolen via a breach to an Amazon Web Services (AWS) server belonging to asset management and tracking service company Teqtivity.

    The true extent of the breach is as yet unknown, but one document alone seen by BleepingComputer is stuffed with data for over 77,000 employees - although security researchers have confirmed that this particular breach should not affect customers. Ubers security woes

    The incident is the third known breach to leak Uber personal data in recent years.

    In July 2022, TechRadar Pro reported that Uber confessed to covering up a major data breach that occurred in 2016 that led to customer data, including passwords , being leaked online, putting them at risk of identity theft .

    That leak was, however, uncovered well before then, resulting in a 385,000 fine from the UKs Information Commissioners Office (ICO) in 2018.

    In September 2022, the company confirmed that another data breach that affected customers, made possible by vulnerabilities to its critical
    endpoints , had occurred that month. It later admitted that hacking
    collective Lapsus$ had gained access to its HackerOne dashboard, which provides insights into an organizations digital security. Read more

    Check out our list of the best identity management software right now

    What Is IAM? Understanding Identity & Access Management

    What is Zero Trust Network Access?

    Forum posts relating to the December breach do reference at least one individual member of Lapsus$. However, Uber maintains that the September and December breaches are unrelated.

    We believe these files are related to an incident at a third-party vendor and are unrelated to our security incident in September. Based on our initial review of the information available, the code is not owned by Uber; however, we are continuing to look into this matter, it said, while also claiming that it has not seen malicious or unusual activity on its own systems.

    Nevertheless, the latest breach raises concerns around the continued reliance on cloud services offered by only a select number of companies, such as Amazon, despite security and outage concerns .

    Uber employees are advised to be extra vigilant on the lookout for social engineering scams, such as phishing attacks, from threat actors looking to capitalise on the breach. Heres our list of the best cloud firewalls right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/uber-sees-employee-data-leaked-following-cybera ttack


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)