Security News > 2022 > December > Uber staff info leaks after supplier Teqtivity gets pwned
Uber executives said the information leaked was not from the massive breach in September, but from an attack on Teqtivity, a supplier whose software enables enterprises to keep track of their IT assets, such as phones and computers, and performs work for Uber.
According to a statement from Teqtivity, an attacker gained access to a company backup server hosted by Amazon Web Services that stored code and data files related to Teqtivity's customers, such as Uber.
No Uber customer data was affected, we're told, but information on more than 77,000 Uber and Uber Eats employees was leaked.
Some data was also related to third-party vendor services and to mobile device management platforms Uber uses.
Teqtivity "Does not collect or store, and therefore the data does not include, sensitive personal information like bank account details or government identification numbers, nor do they collect or store consumer, driver or courier information," an Uber spokesperson told The Register.
"These attacks could trick Uber staff into giving up login credentials, leading to further, more consequential attacks. Even if only a handful of employees out of the 77,000 affected were to fall victim to a phishing scam, it could be detrimental to Uber.".
News URL
https://go.theregister.com/feed/www.theregister.com/2022/12/13/uber_data_breach_teqtivity/