Total Tests:

More Uber data exposed in possible supply chain attack

By Alex Scroxton for ComputerWeekly
Tuesday, December 13, 2022

A second incident affecting ride-sharing app Uber appears to have originated through a third party in a supply chain attack.

ImmuniWeb chief architect and CEO Ilia Kolochenko said that given Uber’s likely investments into security since a 2016 data breach – which recently resulted in the criminal conviction of its ex-security officer Joe Sullivan – vulnerable third parties were likely to prove to be the “weakest link” for the firm.

“Despite all the efforts, controlling your external vendors is an arduous and costly task which is often underfunded and underprioritised compared to other security processes,” said Kolochenko. “Unsurprisingly, pragmatic cyber criminals hit the most vulnerable party to extract valuable data from Uber, which can now be exploited to further sophisticated attacks.”

If reports of the nature of the data prove accurate, Uber will now be at risk of attempts to gain access to its mobile architecture, said Kolochenko, while its employees may find themselves targeted in advanced spear-phishing or password-spraying attacks. From a legal perspective, the incident may also spell trouble for Uber, he added. Read Full Article

Book a Call Ask a Question
Talk to ImmuniWeb Experts
Have a technical question?

Our security experts will answer within
one business day. No obligations.

Have a sales question?
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
Your data will stay private and confidential