Uber Probing Hack of Third-Party Vendor After Employee Data, Source Code Leaked

Uber believes the leaked files are related to an incident at a third-party vendor and are unrelated to the company's security incident in September.

By Katrina Manson, Bloomberg | Updated: 13 December 2022 11:52 IST

Uber Probing Hack of Third-Party Vendor After Employee Data, Source Code Leaked

Photo Credit: Reuters

Uber faced a hack in September as well

Highlights

Data of 77,000 Uber employees was leaked in the hack
Hack targeted third-party vendor Teqtivity, which tracks IT equipment
Latest Uber breach follows September hack by extortion group Lapsus$

Uber Technologies Inc. said it's investigating the hack of a third-party vendor that reportedly resulted in the leak of data from the ride-hailing company, including employee email addresses.

The vendor, Teqtivity, which helps manage and track information technology equipment such as phones and computers, on Monday confirmed the cyberattack.

More than 77,000 Uber employees' email addresses and other data, including alleged source code associated with mobile device management platforms used by Uber and Uber Eats, have been leaked as part of the recent hack, according to a report from Bleeping Computer, which covers information security and technology news.

Uber Files Whistleblower Says Business Model 'Absolutely Unsustainable'

“We believe these files are related to an incident at a third-party vendor and are unrelated to our security incident in September,” said Carissa Simons, the Uber spokesperson. “Based on our initial review of the information available, the code is not owned by Uber; however, we are continuing to look into this matter.”

Teqtivity said in a statement it doesn't collect or store sensitive information such as bank account details or government identification numbers. The exposed data includes device information such as serial number, make and model as well as user information such as full name, work email address and location.

Teqtivity said customer data was compromised due to unauthorized access to its systems by a malicious third party. The hacker was was able to gain access to the Teqtivity AWS backup server that houses the company's code and data files related to its customers, according to the company.

Uber Says No Evidence of Sensitive User Data Loss During Hack: Report

Teqtivity has notified law enforcement officials and hired a forensics firm to investigate all logs and server configuration.

The leak is the latest breach to affect Uber. Uber said the attackers (or attacker) responsible for a September breach were affiliated with the notorious extortion group called Lapsus$ and had likely infected a contractor's personal device with malware and then bought that person's password on the dark web.

In that instance, the intruders were able to get into several employee accounts and had security permissions for Uber's G-Suite and Slack, among other internal tools.

In October, former Uber security chief Joe Sullivan was found guilty of hiding a massive 2016 data breach from federal regulators

The Chromecast with Google TV that runs on Android TV is here. When will Google learn how to name products? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.