Uber Dealing with Data Breach After Attack on Vendor

Uber Dealing with Data Breach After Attack on Vendor

Uber Technologies Inc. is currently investigating the hack of its vendor, Teqtivity, which helps manage and track information technology equipment. The cyberattack has leaked data and the email addresses of over 77,000 Uber employees. Some of this data includes archives which are believed to be source code associated with mobile device management platforms used by Uber and Uber Eats. This source code is extremely valuable to cyber-criminals as it forms part of the company’s intellectual property and can be used to find other vulnerabilities that will open the door to further cyberattacks.

Teqtivity has stated that they do not collect or store sensitive information such as bank account information or government ID numbers, but the exposed data includes device information along with employee information such as full name, email addresses, and location. This information could result in hackers targeting these employees with spear-phishing attacks, which is when hackers send emails from a known or trusted sender in an attempt to induce those targeted individuals to reveal confidential information.

Teqtivity has said that the data was compromised due to unauthorized access to its systems by a third party which was able to gain access to the AWS backup server which houses the company’s code and data files related to customers. Teqtivity has notified law enforcement officials and hired a forensics team to investigate all logs and servers. At the time, Uber says this breach is unrelated to the attack from September, which was attributed to a notorious extortion gang, Lapsus$. Uber spokesperson, Carissa Simons, said “Based on our initial review of the information available, the code is not owned by Uber; however, we are continuing to look into this matter.”

Find our more: