Driving service provider and food supplier Uber has had to admit a loss of data again, even if the data is said to have come from a third-party provider. The hacker “UberLeaks” claims to have stolen the data from Uber and Uber Eats.
According to the portal bleepingcomputer, Uber has suffered a new data breach. Data and e-mail addresses of employees, company reports and IT asset information are said to have appeared on the Internet. According to Uber, however, the data was stolen from a third-party provider.
Hacker “UberLeaks” announces dates
The UberLeaks account has announced that it will leak Uber data to a hacking forum known for posting data breaches. He also claims there that he stole them from Uber and Uber Eats. The leaked data included aloud bleepingcomputer numerous archives claiming to be source code associated with mobile device management (MDM) platforms used by Uber and Uber Eats and third-party services.
It was not until September that Uber officially lost some data after a successful hack. The new data should even contain employee data from 77.000 employees. Although Uber claims the data came from a different source, security researchers who analyzed the leak told bleepingcomputer that the leaked data is related to Uber's internal company information and does not include any of its customers.
What experts say about it
Ian McShane, Vice President of Strategy Arctic Wolf, shares his opinion on security breaches and supply chain cyber attacks, especially Uber: “In recent years we have seen that companies are increasingly at risk of being either the 'target' of cyber attacks or 'gateway' for hacking attacks on other organizations to become in the supply chain. If the renewed Uber cyber incident is actually a Mobile Device Management (MDM) breach by a third-party company and not "just" a theft of login data, it can be assumed that other companies will soon find out that their data fell into the wrong hands through no fault of their own. And I wouldn't be surprised if we see more incidents of this nature in the new year."
“Even though dealing with such incidents can overwhelm companies, the current Uber event is a reminder: companies must have comprehensive knowledge of their own supply chain. It is crucial to minimize duplication and reduce cyber risk by conducting thorough scrutiny of suppliers and their associated organisations. Vendor risk assessment is an important aspect of any organization’s security efforts and must be a priority in 2023.”