hand holding a phone with Uber on screen

Uber data stolen via third-party vendor

Uber is facing a new cybersecurity incident after threat actors stole some of its data from Teqtivity, a third-party vendor that provides asset management and tracking services.

“We are aware of customer data that was compromised due to unauthorized access to our systems by a malicious third party,” said Teqtivity in a statement. “The third party was able to gain access to our AWS backup server that housed Teqtivity code and data files related to Teqtivity customers.”

The investigation is ongoing, but Teqtivity would like you to know that it doesn’t collect or retain personal information, banking information or government identification numbers. As you’d expect, it says it has already notified affected clients and is taking steps to ensure a similar incident can’t happen again.

“We sincerely apologize for any inconvenience this may cause and very much regret this situation has occurred. Your confidence in our ability to safeguard your company data and your peace of mind are very important to us,” the company said.

Attack dates against Teqtivity and Uber have yet to be established; however, a threat actor named “UberLeaks” began leaking the stolen data on BreachForums, a site infamous for posting data breaches, around early Saturday morning, according to BleepingComputer.

UberLeaks claimed the data came from Uber and Uber Eats. However, the leaks are said to have included archives containing source code associated with mobile device management (MDM) platforms for Uber, Uber Eats, and Teqtivity. The leaks also had employee email addresses, corporate reports, data destruction reports, IT asset management reports, Windows domain login names and email addresses, and other corporate information.

UberLeaks created separate topics for the MDMs for the brands above, with each referencing a member of Lapsus$, the hacking group involved in the Uber breach in September

Uber told BleepingComputer that it did not believe the files were related to the September security incident. “Based on our initial review of the information available, the code is not owned by Uber; however, we are continuing to look into this matter.”

The leaked data may not contain customer information, but security researchers who analyzed it said there’s enough to create targeted phishing attacks against Uber employees who may be tricked into giving away their credentials.

Uber has had its share of data breaches and controversies. In September, a purported teen hacker breached its network, compromised an employee’s access, and gained access to its internal Slack chat app. Six years before that, the personal data of 7 million drivers were exposed, including 600,000 driver’s license numbers. In July of this year, Uber confessed to a cover-up of the 2016 data breach with the help of its former chief security officer (CSO), Joe Sullivan. Sullivan was charged with obstruction of justice.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.


Jovi Umawing

Knows a bit about everything and a lot about several somethings. Writes about those somethings, usually in long-form.