IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Uber says compromised third-party to blame for data breach

Vulnerable third-party vendor Teqtivity sparks second major incident for Uber in the space of three months

Ride hailing giant Uber has revealed it is responding to data breach that it says occurred as a result of a compromised third-party vendor.

Over the weekend, a threat actor operating under the name ‘UberLeaks’ posted sensitive information to a popular hacking forum, which they claimed originated from Uber and Uber Eats.

The threat actors claimed that data included source code and IT asset management reports, as well as domain login details, email addresses, and sensitive corporate information, according to a report from BleepingComputer.

The information, which has been analysed by security experts, is believed to include email addresses and information pertaining to more than 77,000 employees.

Initial reports suggest that the incident is not related to a previous breach disclosed by the firm in October.

A spokesperson for Uber told BleepingComputer that the breach is “related to an incident at a third-party vendor and unrelated to our security incident in September.”

“Based on our initial review of the information available, the code is not owned by Uber; however, we are continuing to look into this matter,” the spokesperson added.

Third-party vendor breach

Following a preliminary investigation into the breach, Uber has since confirmed that the incident came as a result of a compromised third-party vendor, Teqtivity.

Teqtivity is one of a number of third-party companies that Uber relies on to support services. The firm helps Uber track, monitor and manage IT assets, including mobile devices and computers.

In a statement, Teqtivity confirmed the breach and said it has launched an investigation into the matter.

“We are aware of customer data that was compromised due to unauthorised access to our systems by a malicious third party,” the company said.

“The third party was able to gain access to our Teqtivity AWS backup server that housed Teqtivity code and data files related to Teqtivity customers.”

According to the firm, exposed data includes information pertaining to:

  • User information such as work location details, full names and work email addresses
  • Device information, including serial numbers, make, models and technical specifications

Teqtivity revealed it is working with a third-party forensics team to investigate the breach. A third-party security team has also been retained to begin penetration testing of the firm’s infrastructure.

"Our investigation is ongoing. However, we have notified affected customers of the incident and have taken steps to ensure the situation is contained and have prevented this type of event from happening again,” the firm added in its statement.

Initial posts by ‘UberLeaks’ claimed that the threat actor(s) had breached Uber’s internal systems. However, the company insists that it is yet to observe any malicious activity on their network.

“The third-party is still investigating but has confirmed that the data we’ve seen came from its systems, and to date we have not seen any malicious access to Uber internal systems,” the firm told BleepingComputer.

Third-party security risks

This incident once again raises questions over third-party vulnerabilities and the potential risks posed to organisations.

In recent years, Marriott, Instagram and DoorDash have experienced data breaches as a result of third-party vendor vulnerabilities.

Related Resource

Enhancing cyber security in an expanding landscape

How secure connections between wireless peripherals can help mitigate cyber incidents and empower employees

Whitepaper cover with image of a hybrid work spaceFree Download

A recent study by Cyentia Institute found that nearly one-third (31%) of vendors are considered a “material risk” in the event of a data breach.

This growing issue has prompted organisations to implement measures to mitigate threats across the supply chain, with 79% stating that they now have formal programmes in place to manage third-party risk.

Similarly, nearly two-thirds (60%) said that managing third-party vendor risks has become a key priority for their organisation.

Ian McShane, VP of strategy at Arctic Wolf warned that growing threats and high-profile compromises have highlighted the need for businesses to “understand who their suppliers are” and reduce risk by keeping tabs on vendors operating within their environments.

“In recent years, we’ve seen that companies are becoming more at risk of being either the ‘target’ or the ‘transport’ that allows other organisations to be hacked,” he explained.

“Vendor risk assessment is a critical aspect of any organisation's security operations and this must be a priority for 2023,” McShane added.

Featured Resources

What 2023 will mean for the industry

What do most IT decision makers really think will be the important trends and challenges in the coming year?

Free Download

2022 Magic quadrant for Security Information and Event Management (SIEM)

SIEM is evolving into a security platform with multiple features and deployment models

Free Download

IDC MarketScape: Worldwide unified endpoint management services

2022 vendor assessment

Free Download

Magic quadrant for application performance monitoring and observability

Enabling continuous updating of diverse & dynamic application environments

View Now


Threat hunting for MSPs

Threat hunting for MSPs

10 Jan 2023
IBM LinuxONE for dummies

IBM LinuxONE for dummies

4 Jan 2023
Six myths of SIEM

Six myths of SIEM

3 Jan 2023
Storage's role in addressing the challenges of ensuring cyber resilience

Storage's role in addressing the challenges of ensuring cyber resilience

3 Jan 2023

Most Popular

Dutch hacker steals data from virtually entire population of Austria
data breaches

Dutch hacker steals data from virtually entire population of Austria

26 Jan 2023
GTA V vulnerability exposes PC users to partial remote code execution attacks

GTA V vulnerability exposes PC users to partial remote code execution attacks

23 Jan 2023
European partners expect growth this year, here are three ways they will achieve it

European partners expect growth this year, here are three ways they will achieve it

17 Jan 2023