After a large collection of internal data was dumped over the weekend on a hacking forum, Uber has confirmed a new data leak to RestorePrivacy that is unrelated to the September breach, but Uber is blaming a third-party vendor.
American mobility service Uber has suffered an indirect data leak which, according to the company, has resulted from a hack on a third-party vendor.
On December 10, a user on the Breached forums posted a dump of data allegedly stolen from Uber, containing 20 million records of internal information.
The forum post linking to the leaked archive files.
The data wasn’t put up on the forum for sale but instead shared freely with all users. The forum’s admin also joined in the discussion, which is typically an indication of the legitimacy of the listing.
RestorePrivacy examined the data in the shared archive and found various spreadsheets containing asset data and various sensitive details, including personally identifiable and account information of Uber employees.
A separate thread posted on the same day shares an archive containing what seems to be source code from Uber Eats, API details, web app data, and more.
Uber confirms new security breach
RestorePrivacy contacted Uber to verify the authenticity of the data, and the company told us they are still investigating the leaked dataset.
However, from the preliminary results of their review, it was deduced that the leak is unrelated to the September 2022 incident, and