Uber Technologies Inc. said it was investigating a hack by a third-party vendor that allegedly led to the leak of data from the ride-hailing company, including employee email addresses.
Uber Technologies Inc. said it was investigating a hack by a third-party vendor that allegedly led to the leak of data from the ride-hailing company, including employee email addresses.
Vendor, Teqtivity, helps manage and track Information Technology devices such as phones and computers, on Monday confirmed the cyber attack.
More than 77,000 won Uber Employee email addresses and other data, including source code allegedly related to mobile device management platforms used by Uber and Uber Eats, were leaked as part of a recent hack. here, according to a report from Bleeping Computercovers information security and technology news.
“We believe these files are related to an incident at a third-party provider and not related to our security incident in September,” said Carissa Simons, an Uber spokeswoman. “Based on our initial assessment of the information available, this code is not owned by Uber; However, we are continuing to look into this matter.”
Teqtivity said in a statement that it does not collect or store sensitive information such as bank account details or government identifiers. The exposed data includes device information such as serial number, make and model, as well as user information such as full name, work email address, and location.
Teqtivity said customers’ data was compromised as a result of malicious third parties gaining unauthorized access to their systems. According to the company, hackers were able to gain access to the Teqtivity AWS backup server, which contains the company’s code and data files related to its customers.
Teqtivity notified law enforcement officials and hired a forensics company to investigate all logs and server configurations.
The leak is the latest breach to affect Uber. Uber says the attackers (or attackers) responsible for the September breach were linked to a notorious blackmail group called Lapsus$ and likely infected the device with malware. personal contractor, then buy that person’s password on the dark web.
In that case, the intruders could gain access to some of the employees’ accounts and gain security rights to Uber’s G-Suite and Slack, among other internal tools.
In October, former Uber security chief Joe Sullivan was found guilty of hiding a massive 2016 data breach from federal regulators.
