Uber confirmed it fell victim to a data breach after cybercriminals gained access to one of the company’s third-party vendors, called Teqtivity. This vendor is a known tech and IT asset-tracking solution that first notified customers of the breach in a statement on Monday.
News of the breach first emerged last week after a threat actor with the handle “UberLeak” posted stolen Uber and Uber Eats data on a dark web forum.
According to reports by BleepingComputer, one of the data dumps included the email addresses and Windows Active Directory data of over 77,000 Uber employees.
While researchers first believed the data was linked to a security incident in September that impacted Uber’s internal tools, the company said this was not actually the case.
“We believe these files are related to an incident at a third-party vendor and are unrelated to our security incident in September,” Uber said to reporters. “Based on our initial review of the information available, the code is not owned by Uber; however, we are continuing to look into this matter.”
A few days into the investigation, it became clear that the data leaked by the threat actors were linked to a compromised AWS backup server belonging to Teqtivity.
“The third party is still investigating but has confirmed that the data we’ve seen to date came from its systems, and to date, we have not seen any malicious access to Uber Internal systems,” explained Uber.
However, the breach didn’t expose any sensitive data, corporate information, or customer details, the company added.
Teqtivity “does not collect or store, and therefore the data does not include, sensitive personal information like bank account details or government identification numbers ( like SSNs, tax numbers), nor do they collect or store consumer, driver or courier information,” an Uber spokesperson told reporters.