One other day, one other information breach at Uber. This time, one of many world’s main ride-sharing platforms has suffered yet one more safety incident, after which hackers posted delicate worker data and inner company information.
It’s price noting that the information has been leaked on BreachForums, which surfaced as an alternative choice to the now-defunct now-sized Raidforums.
The cyberattack focusing on Uber and Uber Eats occurred over the weekend. The information was first damaged by RestorePrivacy on Saturday morning when a hacker with the username UberLeaks began leaking information stolen from the corporate on a preferred information leak platform.
The hacker created 4 completely different matters to submit the information. This consists of Uber MDM at uberhub.uberinternal.com, Uber Eats MDM, and third-party platforms Teqtivity MDM and TripActions MDM.
What Information Was Leaked?
Hackread.com has seen the information and it may be confirmed that it accommodates a number of archives, together with the supply code linked with cellular system administration platforms that Uber Eats and Uber each use, together with third-party vendor companies.
The leaked information additionally consists of information destruction studies, IT asset administration studies, Home windows area login names, and e-mail IDs, aside from company data. The Home windows Lively Director data and e-mail IDs class contained over 77,000 data of Uber staff.
It’s doable that this information doesn’t belong to the September breach as a result of the recordsdata are unrelated to that incident, and Uber doesn’t personal the code. Although Uber customers don’t must really feel scared by this information breach, the corporate’s staff must be frightened as they may turn out to be a goal of phishing assaults.
Who Could possibly be the Perpetrator?
Every of the 4 information leak class titles refers to a Lapsus$ hacking group member, additionally recognized for high-profile cyberattacks on Samsung, Nvidia, Microsoft, and Ubisoft. It’s suspected that the identical hacking group has focused Uber as a result of Lapsus$ had already attacked Uber in September and managed to entry its inner community and Slack server.