Uber Suffers New Data Leak After Third-Party Vendor Gets Hacked

After a large collection of internal data was dumped over the weekend on a hacking forum, Uber has confirmed a new data leak to RestorePrivacy that is unrelated to the September breach, but Uber is blaming a third-party vendor.

American mobility service Uber has suffered an indirect data leak which, according to the company, has resulted from a hack on a third-party vendor.

On December 10, a user on the Breached forums posted a dump of data allegedly stolen from Uber, containing 20 million records of internal information.

The forum post linking to the leaked archive files.
Source: RestorePrivacy.com

The data wasn’t put up on the forum for sale but instead shared freely with all users. The forum’s admin also joined in the discussion, which is typically an indication of the legitimacy of the listing.

RestorePrivacy examined the data in the shared archive and found various spreadsheets containing asset data and various sensitive details, including personally identifiable and account information of Uber employees.

Sample of the leaked data contained in the archive.
Source: RestorePrivacy.com

A separate thread posted on the same day shares an archive containing what seems to be source code from Uber Eats, API details, web app data, and more.

Uber confirms new security breach

RestorePrivacy contacted Uber to verify the authenticity of the data, and the company told us they are still investigating the leaked dataset.

However, from the preliminary results of their review, it was deduced that the leak is unrelated to the September 2022 incident, and

Read more

Explore the site

More from the blog

Latest News