Another Uber data breach took place last week, and the company has indicated that a third-party vendor is responsible. Customer profile and payment information is not thought to be involved, but the attackers got away with a broad variety of internal company information if the contents of dark web forum posts are to be believed.
The breach took place on December 12, and the compromised files included some from two third-party vendors: TripActions and Teqtivity. Teqtivity recently published a breach notification that does not mention Uber in any way but indicates that it was compromised on December 12. While Uber has yet to make a formal statement assigning blame (as it continues to conduct an internal probe of the incident), Teqtivity would appear to be the likely source, given the timing and TripActions' denial that it has been breached.
Third-party vendor vulnerability created pathway to Uber corporate information
The Uber data breach consists of an assortment of sensitive internal data: source code and employee contact information being the most concerning items that have been revealed thus far. The breach is thought to have impacted about 77,000 employees in total, but for some the leaked data may be limited to internal company ID numbers and work email addresses.
The dark web forum posts mention Lapsus$, the notorious state-backed North Korean hacking group that has been on a major cyber crime spree in 2022. However, this appears to be a teasing reference rather than an attribution (Lapsus$ is thought to be behind a prior Uber data breach that took place in September). The perpetrator is still unknown, but they seem to be more interested in damaging the company by sharing the stolen files for free rather than shaking it down for a payment.
There does not appear to be much that directly puts employees at risk as of yet, but the information will likely be put to use in targeted phishing attempts. Uber and Uber Eats employees are impacted along with the two third-party vendors the company has named. Assuming that Teqtivity was the source of the breach, it remains possible that downstream companies other than Uber may have been compromised.
Was the Uber data breach a case of “hacktivism”?
This data breach has raised more questions than usual, given that the hacker only appears to be interested in exposing internal company information for no profit. The questions multiply if they were able to access other companies via the third-party vendor breach but chose to focus exclusively on Uber instead.
Between that and the fact that some 20 million records were stolen in total, there are likely to be future developments in this Uber data breach story. For the moment, employees of the impacted companies are advised to prepare for a wave of incoming attempts to trick them into giving up login information, and Teqtivity clients may also want to review their security posture and scan for any signs of infiltration.