Uber Data Breach of Employee Information Caused by Third-Party Vendor
Saturday, December 17, 2022
A new Uber data breach that took place on December 12 has reportedly compromised the information of about 77,000 employees. The incident has been traced back to a third-party vendor, and the stolen data has been posted to a dark web forum.
Dr. Ilia Kolochenko, Chief Architect & CEO of ImmuniWeb, echoes the point that this particular Uber data breach should be a caution to organizations to review the state of their relationships with third-party vendors, no matter how confident they may feel in their own internal security: “Vulnerable third parties are usually the weakest link of tech giants like Uber. After the recent criminal conviction of an ex-executive of Uber in relation to the 2016 data breach, Uber has likely boosted its investments into cybersecurity. Despite all the efforts, controlling your external vendors is an arduous and costly task, which is often underfunded and underprioritized compared to other security processes. Unsurprisingly, pragmatic cybercriminals hit the most vulnerable party to extract valuable data from Uber, which can be now exploited to further sophisticated attacks. For instance, cybercriminals will likely exploit the stolen information about Uber’s network architecture and personal data of employees for advanced spear-phishing or password-spraying attacks, trying to break into Uber’s internal networks and get access to customer databases. Their chances to succeed are unfortunately quite high in view of the confidential information allegedly in their possession. From a legal viewpoint, this third-party data breach is disastrous news for Uber that may be now accused of systematic failures to implement necessary security controls, as well as of a flawed information security management system. Given the size and impact of the breach, both federal and state US agencies may go after the breached supplier and Uber.”