Uber Hacked Again? – Data from Uber and Uber Eats Published on Hacking Forums

Uber has been the topic of a novel cyberattack. Early on Saturday morning, a possibility actor going by the name of “UberLeaks” began publishing recordsdata on a hacking discussion board identified for revealing data breaches.

Employee electronic mail addresses, company reports, and data on IT sources that had been stolen from a third-birthday celebration supplier are all integrated within the assault.

Specifics of the Uber Files Breach

A colossal collection of archives that claim to be source code for cell gadget administration platforms (MDM) ragged by Uber, Uber Eats, and completely different third-birthday celebration supplier companies and products are among the disclosed data.

The ‘UberLeak’ hacker created four completely different matters on the hacker discussion board, for every MDM platform deployment it had breached.

Represent states that every discussion board topic publish makes a mention of a hacker from the Lapsus$ gang. A colossal collection of excessive-profile hacks and breaches of prestigious companies, particularly Uber, had been the work of Lapsus$. This year’s September saw essentially the most most recent breach at Uber.

Email addresses and Dwelling windows Energetic Directory data for extra than 77,000 Uber workers are among the stolen recordsdata that has been considered.

“The newly leaked data contains source code, IT asset administration reports, data destruction reports, Dwelling windows domain login names and electronic mail addresses, and completely different company recordsdata”.

In particular, Uber has acknowledged that the ideas is novel and used to be stolen from a third-birthday celebration source, no longer as share of the breach in September.

“We imagine these recordsdata are connected to an incident at a third-birthday celebration supplier and are unrelated to our security incident in September. Based on our initial evaluation of the ideas available, the code is no longer any longer owned by Uber; on the opposite hand, we are persevering with to perceive into this topic.” Uber

Per security researchers who procure investigated the disclosure, none of Uber’s possibilities are talked about within the hacked data, which relates to internal industry recordsdata.

Nonetheless, it has been told that the exposed data has enough specifics to enable focused phishing attacks towards Uber workers in uncover to manufacture extra fascinating data, just like login credentials.

Uber also disclosed that possibility actors had factual breached Teqtivity, a platform it makes use of for asset administration and tracking companies and products, and had stolen its data. Uber identified a Teqtivity data breach perceive made public this afternoon, which says that a possibility actor received accumulate entry to to a Teqtivity AWS backup server that Teqtivity makes utilize of to store data for its possibilities.

“The third birthday celebration is still investigating but has confirmed that the details we’ve considered up to now came from its methods, and up to now, we procure no longer considered any malicious accumulate entry to to Uber’s internal methods,” said Uber.

Therefore, earlier than replying to any phishing emails pretending to be from Uber IT motivate, all workers of the corporate might possibly still double-take a look at the ideas.