Uber has suffered yet another high-profile data leak that exposed sensitive employee and company data. This time, attackers breached the company by compromising an Amazon Web Services (AWS) cloud server used by a third party that provides Uber with asset management and tracking services.
The incident happened over the weekend, when a threat actor named "UberLeaks" began posting data they claimed was stolen from Uber and Uber Eats. The data turned up on the BreachForums hacking forum, the successor of now-defunct RaidForums, media outlets reported, and included employee email addresses, corporate reports, and IT asset information stolen.
Hackers posted a number of archives that they said are source-code associated with various mobile device management (MDM) platforms used by Uber, as well as by Uber Eats and third-party vendor services, according to reports. While no user information appears to have been compromised in the breach — which appears to entirely have affected corporate assets — the personal information of 77,000 Uber employees was leaked.
Hacker Breaches Tequivity AWS Server
Uber acknowledged the incident and pointed the media to a breach notification by a company called Tequivity, which it uses for asset management and tracking services.
Tequivity explained that "customer data was compromised" due to "unauthorized access" to the company's systems by "a malicious third party," according Tequivity's release. Specifically, attackers gained access to the company's AWS backup server, which houses code and data files related to Teqtivity customers, the company said.
It's unclear if that access was due to a misconfiguration of the cloud bucket, or if there was an actual compromise to blame.
Information exposed by the attack included information housed on various Uber employees' IT devices, including serial number, make, models, and technical specifications, as well as employee information, including first and last names, work email addresses, and work location details, according to Teqtivity.