- Teqtivity announced that the company is investigating the incident that allowed third parties to gain access to the Teqtivity AWS backup server.
- According to the announcement, employees’ email addresses, corporate reports, and IT asset information are stolen.
- Uber claims that the incident didn’t affect customers, but stolen information can be used to launch phishing attacks.
Uber admitted that the company has suffered a data breach. A threat actor named UberLeak published the leaked information on a popular hacker forum. According to the announcement, unauthorized third parties stole the data from Teqtivity, an asset management and tracking services provider. The leaked information includes email addresses, corporate reports, and IT asset information.
The forum user claims that the data includes source code associated with mobile device management platforms used by the company and third-party vendor services. Separate topics were created for Uber MDM, Uber Eats MDM, Teqtivity MDM, and TripActions MDM. Posts also refer to members of the notorious Lapsus$ hacker group.
Online news sources claim that the data includes more than 77,000 Uber employees’ email addresses and Windows Active Directory information. The data is believed to be stolen during the September attack. The company stated that the incident doesn’t affect customers. Experts believe that the stolen data can be used to target Uber employees with phishing attacks to steal their credentials. In the breach notification statement, Teqtivity said,
« We are aware of customer data that was compromised due to unauthorized access to our systems by a malicious third party. The third party was able to gain access to our Teqtivity AWS backup server that housed Teqtivity code and data files related to Teqtivity customers.
A third-party forensics firm has been retained to investigate all logs and server configuration. A third-party security team has also been hired to begin a penetration test of the infrastructure. We have notified law enforcement officials.
Our investigation is ongoing. However we have notified affected customers of the incident and have taken steps to ensure the situation is contained and have prevented this type of event from happening again. »