Uber breach and crucial need to include third parties in any risk assessment

In early December, ride-hailing platform Uber suffered a data breach after a threat actor leaked the firm’s email addresses, corporate reports, and IT asset information stolen from Teqtivity, a third-party vendor that provides asset management and tracking services for the company.

Early Saturday morning, a threat actor named ‘UberLeaks’ began leaking data they claimed was stolen from Uber and Uber Eats on a hacking forum known for publishing data breaches.

The leaked data consisted of numerous archives alleged to be source code associated with mobile device management (MDM) platforms used by Uber, Uber Eats and third-party vendor services.

The attacker created four separate topics, allegedly for Uber MDM at uberhub.uberinternal.com and Uber Eats MDM, and the third-party Teqtivity MDM and TripActions MDM platforms.

Each post refers to a member of the Lapsus$ hacking group, which is believed to be responsible for numerous high-profile attacks, including a September cyberattack on Uber where threat actors gained access to the internal network and the company’s Slack server.

According to BleepingComputer, the newly leaked data consists of source code, IT asset management reports, data destruction reports, Windows domain login names and email addresses, and other corporate information.

The news website reported that one of the documents it had accessed included email addresses and Windows Active Directory information for over 77,000 Uber employees.

Even though BleepingComputer had initially assumed that the data was stolen during the September attack, Uber clarified that it believed the data was related to a security breach at a third-party vendor.

“We believe these files are related to an incident at a third-party vendor and are unrelated to our security incident in September. Based on our initial review of the information available, the code is not owned by Uber; however, we are continuing to look into this matter,” stated Uber.

Security analysts told BleepingComputer that the leaked data was related to internal Uber corporate information and did not include any of its customers.

Following the latest Uber data breach, which was conducted by compromising the firm’s data at a third-party vendor’s infrastructure, security analysts are continuing to weigh in on the incident, offering their perspectives on what could have been done differently as well as how to guard against possible future attacks.

David Emm, the principal security researcher at Kaspersky’s GReAT, noted that cyberattacks on supply chains are becoming more frequent, more sophisticated, and even more complex.

The data breach at Uber, noted David Emm, was most likely another example of trust being violated somewhere along a company’s supply chain, adding that such an incident is “why including third parties in any risk assessment is critical”. 

“No one is exempt from data theft. In fact, cyberattacks on supply chains are becoming more frequent, more sophisticated, and even more complex. The rumoured data breach at Uber is most likely another example of trust being violated somewhere along a company’s supply chain. This is why including third parties in any risk assessment is critical. This means identifying all suppliers and the assets that need protecting and ensuring that you are ready to respond when a cyber-incident or crisis occurs so that recovery can be quick,” stated Emm.

“Recent Kaspersky research found that 6 in 10 organisations would never work with a business that has suffered a data breach. This shows that it isn’t just important for a business to assess its supply chain, but for all suppliers to ensure they are secure as even a small breach could cost them business in the future. The first practical step organisations can take right now to mitigate risk is to actively start monitoring IT environments. If you work on the assumption that an attacker has already penetrated your network and are on the lookout for signs of intrusion, rather than just assuming you are blocking attacks, you are more likely to eliminate an attack at the perimeter before it takes place.”

