Use NordVPN’s Dark Web Monitor feature to be alerted if your data ever gets leaked ⚠️
Get an exclusive deal
***
Uber was breached again. Now thousands of employee records have been leaked, which might make your own data more vulnerable. So what happened in the Uber new data breach? What other data was leaked? Watch the video for the full story.
***
00:00 Intro
00:12 Uber breach
00:25 Data Leaked
00:56 Lapsus$
***
Before calling an Uber moving forwards, you might want to give it some thought because unfortunately the business suffered a data breach. Again.
The hack occurred after someone got access to internal systems of Teqtivity, a third-party asset management firm. Then, early on Saturday morning, someone going by the name of UberLeaks started posting information from Uber and Uber Eats on a hacking site. It contains information about IT assets, corporate reports, and employee email addresses.
Over 77,000 Uber employees’ email addresses and Windows Active Directory information are included in at least one of the papers, according to Bleeping Computer. Due to the fact that the employee data is now widely available, Uber employees may be the subject of specific phishing attacks.
UberLeaks made mention to the famed Lapsus$ hacking group while exposing the material. A number of well-known assaults, including those against Okta, Nvidia, Samsung, and Uber itself in September, were carried out by Lapsus$. But as of right moment, these do appear to be totally distinct attacks.
And prehaps you shouldn’t remove your Uber app just yet, you should probably pay close attention to every message the firm sends you.
***
As for NordVPN. The flagship service of Nord Security and the top VPN provider in the world is NordVPN. NordVPN aims to give internet users all the tools they need for online security.
A VPN is what? Virtual private network is abbreviated as VPN. It is a service that masks virtual location and IP address in order to secure online behaviour.
***
Grab the Deal!
#NordVPN #UberBreach #UberHackedAgain
Uber, one of the world’s most well-known ride-sharing companies, has suffered a new data breach. This incident is the latest in a series of security incidents that have occurred within the company over the past few years.
Another Breach
Uber Technologies Inc. is once again facing a data breach, this time with a hacker sharing the stolen information on BreachForums – a newly formed forum that has taken the place of RaidForums. The hacker has adopted the pseudonym “UberLeak” and has posted that they had “Hacked by autistic fisherman Arion and scammed all LAPSUS$ members.” The stolen data includes source code associated with the mobile device management platforms used by Uber, Uber Eats and third-party vendor services. Although no user information has been found in the data, 77,000 employee details were included in the archives.
This is not the first time that Uber have faced a data breach, with the company having suffered numerous security issues in the past. As such, Uber has vowed to take all necessary measures to protect its customers’ information going forward. The authorities are currently investigating the incident and no further details have been released at this time. It remains to be seen what further implications this latest breach will have for Uber and its customers.
Uber recently responded to a report that 77,000 employee records of theirs had been exposed publicly. The files are said to be related to an incident at a third-party vendor, and unrelated to the security incident in September.
The breach was initially reported on December 17 by Holden Satterwhite, an independent security researcher who runs the website Breach Report. According to Satterwhite, the data was left exposed on an unsecured Amazon Web Services S3 server and could have been accessed by anyone.
Paul Bischoff, privacy advocate at tech research site Comparitech Ltd., warned that “Given that the data is now publicly accessible, as opposed to being sold to a single party, anyone could use it to launch targeted phishing attacks against Uber employees. These attacks could trick Uber staff into giving up login credentials, leading to further, more consequential attacks. Even if only a handful of employees out of the 77,000 affected were to fall victim to a phishing scam, it could be detrimental to Uber and its customers.”
A spokesperson for Uber told Bleeping Computer today that the “files are related to an incident at a third-party vendor and are unrelated to our security incident in September.” The security incident in September was reported at the time as involving a hacker breaching internal systems and leaving messages that they had accessed critical information.
Uber was hit with yet another security breach this week, as information technology asset management software company Teqtivity Inc. announced that a malicious third party had gained access to their Amazon Web Services Inc. backup server, where data and code related to customers was stored. This incident is only the latest example of a long string of data breaches Uber has suffered, going all the way back to 2016. That infamous incident involved the theft of 57 million personally identifiable information customer records and was compounded by former Uber Chief Security Officer Joe Sullivan’s effort to cover it up. Companies have folded for much less than Uber’s ongoing cybersecurity issues, yet so far they have managed to survive. It remains to be seen what the impact of this latest breach will have on their longterm prospects.
Public Response
The public response to this news has been disbelief, with many questioning how a company can survive such a litany of data breaches and security issues. Despite Uber’s continued presence in the market, it appears that they are quickly losing trust among users, who are no doubt weary of putting their personal information at risk once again. Only time will tell if Uber is able to turn things around and regain consumer confidence. Until then, customers should exercise caution when using Uber’s services and be mindful of potential risks associated with sharing sensitive data with them.
Uber’s track record when it comes to data security and privacy is certainly alarming, and it doesn’t look like things are going to improve anytime soon. There’s no telling how much longer the company can continue on in this manner before suffering more serious repercussions. It might be wise for customers to consider alternative transportation options until Uber can prove that they have made real changes to their security protocols.
Sullivan, a former Uber executive, was found guilty of obstruction of justice and “misprision” or concealment of a felony in October. The charges relate to Sullivan’s role in responding to U.S. Federal Trade Commission inquiries about Uber’s cybersecurity practices following an earlier breach in 2014.
The breach occurred when a third party obtained access to the data stored by Uber, including customer passwords and personal information. Despite the company’s attempts at mitigating the risk of such an incident, it appears that Sullivan failed to take appropriate steps to prevent further harm from occurring. As such, he was found guilty for failing to protect the public from potential harm caused by his inaction.
The issue serves as an important reminder that no matter how great our technological capabilities may be, organizations must remain vigilant in protecting their customer data from unauthorized disclosure due to third-party access and other security risks. Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc., said it best when he stated: “Unfortunately due to historical events, Uber will not only continue to be a target but will also be under a microscope when it comes to security incidents…if this is indeed data collected from a third party, it does serve to remind organizations that any time other parties have access to information, it can potentially be an issue.”
Organisations Need To Be Proactive When Managing Data Protection
This case highlights why it is so critical for organizations large and small alike to take proactive measures when managing customer data protection risks. This includes maintaining up-to-date security standards for all networks and systems across the company as well as proactively monitoring for suspicious activity online or on internal systems. Additionally, companies must ensure that any third parties who have access to sensitive customer information are regularly audited and certified as compliant with industry standards regarding data protection practices.
Going forward, companies should continue striving towards better cybersecurity practices as a means of preventing future incidents similar to what happened with Uber. Companies should invest in employee training programs that provide education on good security practices as well as regular testing for vulnerabilities in systems and processes – both of which are essential components for ensuring customers are always protected from potential threats online or otherwise.
The Uber Technologies Inc. cyberattack that exposed the personal data of almost 57 million customers and drivers. The attack was the result of a security breach in one of their third-party vendors, and serves as a stark reminder to companies around the world to pay closer attention to their cybersecurity measures.
Cybersecurity At Uber
Stephan Chenette who is co-founder and also chief technology officer at real-time cybersecurity readiness company AttackIQ Inc., had this to say about the current state of security: “The most recent attack on Uber is just one example of how vulnerable companies can be if they don’t have adequate safety protocols in place. In addition to the high-profile breach from three months ago, Uber also experienced a massive data breach in 2016 that impacted over 57 million customers and drivers. Considering that these are some of the biggest tech companies out there, it’s clear that businesses everywhere need to prioritize their cybersecurity efforts if they want to protect themselves from attacks.”
In order to stay safe from cybercrime, companies need to implement an appropriate level of security protocols and standards. This includes ensuring all third-party vendors are regularly monitored for any potential threats or vulnerabilities, having strong password policies in place, training employees on how to recognize suspicious activity or emails, and maintaining backups in case compromised data needs to be restored. Additionally, organizations should consider investing in advanced technologies such as intrusion detection systems and artificial intelligence analytics solutions that can detect malicious activities before they even occur.
The fact that Uber is still experiencing significant cyberattacks even after numerous incidents highlights just how much work needs to be done when it comes to improving information security practices across the board. Companies need ensure they have comprehensive strategies in place so they can respond quickly if similar attacks were ever attempted on them within the future. As Stephan Chenette said best: “It’s important for businesses everywhere to stay up-to-date with the latest threats so they can effectively defend against them before it’s too late.”
Read more cybersecurity articles here at gethitch.com
