Again stolen Uber data landed on the dark web

B2B Cyber ​​Security ShortNews

Share post

Driving service provider and food supplier Uber has had to admit a loss of data again, even if the data is said to have come from a third-party provider. The hacker “UberLeaks” claims to have stolen the data from Uber and Uber Eats.  

According to the portal bleepingcomputer, Uber has suffered a new data breach. Data and e-mail addresses of employees, company reports and IT asset information are said to have appeared on the Internet. According to Uber, however, the data was stolen from a third-party provider.

Hacker “UberLeaks” announces dates

The UberLeaks account has announced that it will leak Uber data to a hacking forum known for posting data breaches. He also claims there that he stole them from Uber and Uber Eats. The leaked data included aloud bleepingcomputer numerous archives claiming to be source code associated with mobile device management (MDM) platforms used by Uber and Uber Eats and third-party services.

It was not until September that Uber officially lost some data after a successful hack. The new data should even contain employee data from 77.000 employees. Although Uber claims the data came from a different source, security researchers who analyzed the leak told bleepingcomputer that the leaked data is related to Uber's internal company information and does not include any of its customers.

What experts say about it

Ian McShane, Vice President of Strategy Arctic Wolf, shares his opinion on security breaches and supply chain cyber attacks, especially Uber: “In recent years we have seen that companies are increasingly at risk of being either the 'target' of cyber attacks or 'gateway' for hacking attacks on other organizations to become in the supply chain. If the renewed Uber cyber incident is actually a Mobile Device Management (MDM) breach by a third-party company and not "just" a theft of login data, it can be assumed that other companies will soon find out that their data fell into the wrong hands through no fault of their own. And I wouldn't be surprised if we see more incidents of this nature in the new year."

“Even though dealing with such incidents can overwhelm companies, the current Uber event is a reminder: companies must have comprehensive knowledge of their own supply chain. It is crucial to minimize duplication and reduce cyber risk by conducting thorough scrutiny of suppliers and their associated organisations. Vendor risk assessment is an important aspect of any organization’s security efforts and must be a priority in 2023.”

 

Matching articles on the topic

Perfidious cyber attacks on hotels

Criminals are increasingly exploiting the well-meaning service spirit of hotel employees: Sophos X-Ops has uncovered several cases of a “malspam” campaign that targets ➡ Read more

Researchers find 26 billion access data on the web

A package with 26 billion data records containing access data appeared online. It is said to contain user access data at many companies ➡ Read more

Data offering: Every third company appears on the dark web

In the last two years, one in three companies worldwide have offered compromised data for sale on the dark web. A big ➡ Read more

Fast food chain Subway probably victim of Lockbit

Many sources indicate that the Subway company was the victim of a cyberattack by LockBit. The operator Subway is there ➡ Read more

Russian APT group attacked Microsoft 

According to its own information, Microsoft was attacked by Midnight Blizzard on January 12, 2024. The Russian-sponsored actors had ➡ Read more

Many German chambers of crafts remain offline

The IT service provider ODAV was the victim of a cyber attack at the beginning of January. Because the service provider provides many services for the German Chamber of Crafts ➡ Read more

Security awareness against phishing attacks

The increasing spread of deepfake and AI technologies poses a serious threat, particularly in the area of ​​phishing attacks. These technologies enable ➡ Read more

Cat and mouse game in IT security

Looking back at 2023, we can see that the topic of AI has had a significant impact on IT security. That will too ➡ Read more