SCAMMERS ALERT READ THIS ASAP!
SS7

Uber is the victim of a new data breach, after an attack on a vendor. Information leaked online

Posted on by ss7

Uber was the victim of a data breach. A threat actor leaked corporate emails, reports and IT asset information from third parties in an incident involving cybersecurity.

A threat actor called UberLeaks began leaked data on Saturday morning allegedly taken from Uber and Uber Eats via a hacking site known for publishing data breaches.

Leaked data contains numerous archives that claim to contain source code for mobile device management platforms (MDM), used by Uber, Uber Eats, and other third-party vendors.

The threat actor created four separate topics, allegedly for Uber MDM at uberhub.uberinternal.com and Uber Eats MDM, and the Teqtivity MDM and TripActions MDM platforms used by the company.


Uber data leaked on a hacking forum



Source: BleepingComputer

Every post is a reference to one member of Lapsus$ hacking who is thought to have been responsible for many high-profile attacks. This includes a , where threat actors gained entry to the company’s Slack servers.

BleepingComputer was informed that newly released data includes source code, IT asset reports and data destruction reports. It also contains Windows domain login names, email addresses and other corporate information.

BleepingComputer has seen a document that contains email addresses as well as Windows Active Directory information about more than 77,000 Uber employees.

Although BleepingComputer originally believed that this data had been stolen in the September attacks, Uber informed BleepingComputer that it thinks it was related to security breaches on third-party vendors.

These files may be related to an incident at third-party vendors and not to the September security breach. Uber has not yet confirmed that the code was in its possession. However, our initial examination of information revealed that it is.

BleepingComputer was informed by security researchers that they had analyzed the data leak. They said the information is internal Uber company information, and did not contain any customers.

We are informed that this data is sufficient to target phishing attacks against Uber employees in order to obtain more sensitive information such as login credentials.

All Uber employees need to be alert for emails posing as Uber IT Support. Before responding, they should confirm any information with IT administrators.

BleepingComputer reached out to Uber and TripActions with additional questions about the incident, but did not receive a response.

ss7