Uber Technologies Inc. has suffered yet another data breach, with a hacker sharing the stolen data on BreachForums, the successor forum for the now-shuttered RaidForums.
The unimaginative hacker goes by the name of “UberLeak.” A post on BreachForums reads, “Hacked by autistic fisherman Arion and scammed all LAPSUS$ members.” Lapsus$ is an infamous hacking group, but aside from the forum post, there is no indication of any link to the group.
The leaked data includes numerous archives claiming to be source code associated with the mobile device management platforms used by Uber, the company’s food delivery service Uber Eats and third-party vendor services. No Uber user information was found in the stolen data, which consists of internal code and Uber corporate data. However, the stolen data did include the details of 77,000 Uber employees.
“Given that the data is now publicly accessible, as opposed to being sold to a single party, anyone could use it to launch targeted phishing attacks against Uber employees,” Paul Bischoff, privacy advocate at tech research site Comparitech Ltd., told SiliconANGLE. “These attacks could trick Uber staff into giving up login credentials, leading to further, more consequential attacks. Even if only a handful of employees out of the 77,000 affected were to fall victim to a phishing scam, it could be detrimental to Uber and its customers.”
A spokesperson for Uber told Bleeping Computer today that the “files are related to an incident at a third-party vendor and are unrelated to our security incident in September.” The security incident in September was reported at the time as involving a hacker breaching internal systems and leaving messages that they had accessed critical information.
Uber pointed to a security notice today from information technology asset management software company Teqtivity Inc. The breach notification states that a malicious third party was able to gain access to the company’s Amazon Web Services Inc. backup server that housed Teqtivity code and data files related to customers.
The number of times Uber has been hacked or suffered data breaches is difficult to count. To say that Uber was breached yet again is to say the sun rises in the east. Companies have shut down for far less than Uber’s ongoing cybersecurity issues, but the company seems to get a free pass.
Among nearly countless Uber data breaches, its most infamous occurred in 2016. Most will remember that breach not for the theft of 57 million customer records containing personally identifiable information, but for the fact that former Uber Chief Security Officer Joe Sullivan covered it up.
Sullivan was found guilty of obstruction of justice and “misprision” or concealment of a felony in October. As noted when he was found guilty, Sullivan had previously played a pivotal role in responding to U.S. Federal Trade Commission inquiries about Uber’s cybersecurity practices following an earlier breach in 2014.
“Unfortunately due to historical events, Uber will not only continue to be a target but will also be under a microscope when it comes to security incidents,” explained Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc. “If this is indeed data collected from a third party, it does serve to remind organizations that any time other parties have access to information, it can potentially be an issue.”
Stephan Chenette, co-founder and chief technology officer at real-time cybersecurity readiness company AttackIQ Inc., noted that “besides the high-profile breach that occurred three months ago that caused the company’s internal databases to be hacked, Uber also faced other significant attacks in the past, such as a massive data breach in 2016 that exposed the data of about 57 million customers and drivers. The failed protection of a third-party vendor in the most recent attack reveals that companies everywhere must better prioritize their cybersecurity measures.”