Introduction
Nobody is safe from the recent plague of supply chain attacks…not even one of the largest ride share apps in the world! With over 100M users, Uber understandably needs some help with asset management and tracking. They use a company called Teqtivity to do it.
Over the weekend, a threat actor who calls themselves UberLeaks got into the database by first infiltrating Teqtivity. They then leaked nearly 80M employee records.
What Happened and Who Was Affected
Supply chain attacks are getting more and more common these days. What are these attacks? Essentially, instead of going after an organization directly, cybercriminals compromise the software developers and suppliers whose products that organization relies on. This lets them tamper with the code and send malware or some other threat to everyone who uses that software.
Instead of going after Uber directly, they infiltrated Teqtivity first. Once they compromised Uber too, the cybercriminal posted the stolen data on a popular hacking forum. The information leaked included employees’ email addresses, confidential reports, an Active Directory of over 77K employees and other assets. That’s not all: They also obtained information on employees’ devices where they store the app, as well as details on their work location.
Users of both UberEats and Uber can rest assured that the leaked data didn’t include any customer information, but it does contain enough about everyone who works there to phish them for further information. If you’re one of the nearly 80K employees at risk, be on the lookout for suspicious requests, especially if they seem to come from “Uber IT” or “Uber Support.”
Uber’s Response
In a news update published to their website, Uber explained some of the precautions they are taking in light of this data breach. The actions taken include:
- Disabling infected (or potentially infected) tools on their platform
- Locking their codebase so no changes can be made to it
- Resetting access to internal services and requiring employees to re-authenticate before they can regain access
- Strengthening their multi-factor authentication overall
- Extra system monitoring moving forward to catch further suspicious behavior
These are just some of the actions taken to help mitigate the damage of this data leak.
Conclusion
This isn’t the first data breach that has targeted Uber. It’s not even the first this year. However, this one is unique as it highlights the growing threat of supply chain attacks and just goes to show that ANYONE can be the victim or unknowing perpetrator of dangerous code.
Whether or not you are an Uber employee, EVERYONE with the app should remain alert. We have yet to see evidence that they accessed customer accounts or information, but further malicious behavior will likely follow in the coming weeks. Watch for follow-up messages from Uber with updates on the situation, and be extra on guard for phishing messages.
References
- https://www.bleepingcomputer.com/news/security/uber-suffers-new-data-breach-after-attack-on-vendor-info-leaked-online/
- https://www.businessofapps.com/data/uber-statistics/
- https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/supply-chain-malware?view=o365-worldwide
- https://www.uber.com/newsroom/security-update/