Teqtivity, an Uber Third-Party Vendor, Suffers Data Leak Attack

The breach has compromised the data of 77,000 Uber employees, which can be used for future phishing attacks.

Uber, the largest ride-sharing company, has suffered another data leak. Teqtivity, a third-party vendor of Uber and Uber Eats, has been the target this time. The troubling days of data breaches seem to continue for the giant rideshare platform.

The recent Teqtivity data breach is said to have compromised Uber’s vital and sensitive information on the dark web. A cybercriminal has posted the stolen data, which includes sensitive Uber information, for sale on a dark web forum.

Teqtivity has confirmed the alleged data breach, acknowledging that it is aware of the incident. A malicious third party’s unlawful access to an AWS backup server on Teqtivity’s network led to the breach.

The compromised backup data is said to have housed code and data of Teqtivity’s customers, including Uber. Multiple sources indicate that the leaked data also includes archives containing source code of the Mobile Device Management (MDM) platform of Uber and Uber Eats, as well as:

  • Data destruction reports
  • IT asset management reports, and
  • Other vital business information

Teqtivity has reported the incident to law enforcement. The firm also said it had appointed an outside forensics company to investigate all the server logs and configurations.

It also hired a third-party security team to conduct a penetration test of its infrastructure.

“We have notified affected customers of the incident and have taken steps to ensure the situation is contained and have prevented this type of event from happening again.” - Teqtivity

Teqtivity notified all the affected customers of the incident and apologized for the inconvenience. The firm says it’s taking all the necessary measures to contain the situation and prevent such mishaps in the future.

The Breach is Suspected of Having Compromised Sensitive Data

As per sources, the data leak has exposed device and user information. The compromised user information includes first name, last name, work email address, and work location details.

Experts say that source code is the intellectual property of a company and therefore holds great value for a cyber-criminal. Threat actors can use the source code to detect security vulnerabilities and open ways for further cyber-attacks.

The compromised data includes device information such as Serial Number, Make, Model, and Technical Specs, and user information such as name, email addresses, etc.

Therefore, the source code leak can be a matter of concern for Uber. Further, Uber has also confirmed that the leaked data included the source code created by Teqtivity, which was used for managing Uber’s services.

Also, one of the leaked documents is said to contain Windows Active Directory information and email addresses of over 77,000 Uber employees. Cybercriminals can use this data to conduct targeted phishing attacks to access more sensitive information.

As such, cyber defenders are required to take apt measures and carry out quantitative analysis of likely risk scenarios.

Reportedly, Uber has also asked its employees to watch out for potential phishing emails from fake Uber IT support and directly contact the IT Admins before responding to a suspicious email.

Lapsus$ Role in This Attack

The threat actor has created four separate posts on a dark web forum under the pseudonym “UberLeaks.” Each of these posts is attributed to different members of an infamous hacking group, “Lapsus$.”

The same group was responsible for the September cyber attack that gave threat actors access to Slack server accounts, code repositories, cloud systems, emails, and HackerOne tickets.

While the threat actor’s forum posts claim that they have also breached ‘uberinternal.com,’ Uber denies observing any malicious access to its systems.

Uber has also said that the Lapsus$ group wasn’t involved in this breach, even though the threat actors affiliated with the organization were mentioned in the forum threads.

However, TripActions — another client of Teqtivity — says none of their data has been exposed. TripActions has run an investigation with Teqtivity and determined that none of their data was exposed during the security incident at Teqtivity that compromised Uber’s data.