Uber says compromised third-party to blame for data breach
Vulnerable third-party vendor Teqtivity sparks second major incident for Uber in the space of three months
Ride-hailing giant Uber has revealed it is responding to a data breach that it says occurred as a result of a compromised third-party vendor.
Over the weekend, a threat actor operating under the name ‘UberLeaks’ posted sensitive information to a popular hacking forum, which they claimed originated from Uber and Uber Eats.
The threat actors claimed that the data included source code and IT asset management reports, as well as domain login details, email addresses, and sensitive corporate information, according to a report from BleepingComputer.
The information, which has been analysed by security experts, is believed to include email addresses and information pertaining to more than 77,000 employees.
A spokesperson for Uber told BleepingComputer that the breach is “related to an incident at a third-party vendor and unrelated to our security incident in September.”
“Based on our initial review of the information available, the code is not owned by Uber; however, we are continuing to look into this matter,” the spokesperson added.
Third-party vendor breach
Following a preliminary investigation into the breach, Uber has since confirmed that the incident came as a result of a compromised third-party vendor, Teqtivity.
Teqtivity is one of a number of third-party companies that Uber relies on to support services. The firm helps Uber track, monitor and manage IT assets, including mobile devices and computers.
In a statement, Teqtivity confirmed the breach and said it has launched an investigation into the matter.
“We are aware of customer data that was compromised due to unauthorised access to our systems by a malicious third party,” the company said.
“The third party was able to gain access to our Teqtivity AWS backup server that housed Teqtivity code and data files related to Teqtivity customers.”
According to the firm, exposed data includes information pertaining to:
- User information such as work location details, full names and work email addresses
- Device information, including serial numbers, make, models and technical specifications
Teqtivity revealed it is working with a third-party forensics team to investigate the breach. A third-party security team has also been retained to begin penetration testing of the firm’s infrastructure.
“Our investigation is ongoing. However, we have notified affected customers of the incident and have taken steps to ensure the situation is contained and have prevented this type of event from happening again,” the firm added in its statement.
Initial posts by ‘UberLeaks’ claimed that the threat actor(s) had breached Uber’s internal systems. However, the company insists that it has yet to observe any malicious activity on its network.
“The third-party is still investigating but has confirmed that the data we’ve seen came from its systems, and to date we have not seen any malicious access to Uber internal systems,” the firm told BleepingComputer.
Third-party security risks
This incident once again raises questions over third-party vulnerabilities and the potential risks posed to organisations.
In recent years, Marriott, Instagram and DoorDash have experienced data breaches as a result of third-party vendor vulnerabilities.
A recent study by Cyentia Institute found that nearly one-third (31%) of vendors are considered a “material risk” in the event of a data breach.
This growing issue has prompted organisations to implement measures to mitigate threats across the supply chain, with 79% stating that they now have formal programmes in place to manage third-party risk.
Similarly, nearly two-thirds (60%) said that managing third-party vendor risks has become a key priority for their organisation.
Ian McShane, VP of strategy at Arctic Wolf, warned that growing threats and high-profile compromises have highlighted the need for businesses to “understand who their suppliers are” and reduce risk by keeping tabs on vendors operating within their environments.
“In recent years, we’ve seen that companies are becoming more at risk of being either the ‘target’ or the ‘transport’ that allows other organisations to be hacked,” he explained.
“Vendor risk assessment is a critical aspect of any organisation's security operations and this must be a priority for 2023,” McShane added.