John Paul M. Joaquin Tech 12.12.2022 23:Dec PM EST

Uber Suffers Second Data Breach; Phishing Attacks on Employees Possible

Uber got itself hacked yet again.

The popular ride-hailing app suffered another data breach - the second one in 2022 and almost three months since the first occurred.

Uber detected its first data breach of the year when its employees received a suspicious message from the hacker revealing what happened after the fact.

Uber December 2022 Data Breach Details

Uber recently confirmed it came under attack by a hacker yet again just as 2022 was coming to an end. According to what the company disclosed, a threat actor going by the name "UberLeaks" began leaking data they claimed was stolen from Uber and Uber Eats on a hacking forum known for being a hub for stolen data, per Bleeping Computer.

The data UberLeaks published includes various archives alleged to be source code associated with mobile device management platforms (MDM) - the same ones Uber uses for its ride-hailing and food-ordering apps.

Other third-party vendor services are also using the same source code.

On the hacking forum, UberLeaks created four separate topics: Uber MDM at uberhub.uberinternal.com, Uber Eats MDM, third-party Teqtivity MDM, and TripActions MDM platforms.

Each topic refers to a member of the infamous Lapsus$ hacking group responsible for the hacking spree earlier in 2022 affecting NVIDIA, Ubisoft, and even Samsung.

Lapsus$ is also responsible for Uber's first data breach of the year, with the hacking group managing to gain access to the company's internal network and Slack server.

The group got in by convincing an Uber employee to give them their login credentials while pretending to be a corporate information technology person.

How To Geek reports that the source code isn't the only one UberLeaks published. Among the published data were internal reports and email addresses of over 77,000 Uber employees.

The files didn't appear to contain any user information, meaning that users of the Uber and Uber Eats apps are safe for the time being. However, the published data includes internal code and Uber corporate data, allowing any hacker or cyber criminal to initiate phishing attacks on Uber employees put at risk by the data's publishing.

Uber said that it believes the stolen files are related to an incident at a third-party vendor and are unrelated to its previous security breach. Although the company's investigation shows that the source code doesn't belong to it, the investigation will still continue.

How To Avoid Becoming A Victim Of A Phishing Attack

Both Bleeping Computer and How To Geek are advising Uber employees to be on the lookout for phishing emails impersonating Uber IT support.

Should there be one, the employee is advised to confirm the email with IT admins before responding to them.

Additionally, Uber employees should enable multi-factor authentication on their devices and have them updated to the latest software automatically to provide the best possible protection against phishing attacks, per the FTC.

Backing up critical data is also important to prevent any data loss in the event of a successful phishing attack.