Community Edition
Total Tests:
This Week:
Today:
Recent Blog Posts
Four Iranian Hackers Charged With Cyberattacks On American Firms
April 25, 2024
An Ex-Amazon Security Engineer Gets 3 Years In Jail For Hacking And Crypto Theft
April 18, 2024
Hacker Fakes His Own Death To Avoid Child Support Payments
April 11, 2024
ATM Skimming Ring Leader Sentenced To 75 Months In Prison
April 4, 2024
German Authorities Dismantle the Nemezis Market Dark Web Marketplace
March 28, 2024
Stay in Touch

Get exclusive updates and invitations to our events and webinars:


Your data will stay confidential Private and Confidential

ImmuniWebInternational Media Coverage

Uber Data Breach of Employee Information Caused by Third-Party Vendor

By Scott Ikeda for CPO Magazine
Saturday, December 17, 2022

A new Uber data breach that took place on December 12 has reportedly compromised the information of about 77,000 employees. The incident has been traced back to a third-party vendor, and the stolen data has been posted to a dark web forum.

Dr. Ilia Kolochenko, Chief Architect & CEO of ImmuniWeb, echoes the point that this particular Uber data breach should be a caution to organizations to review the state of their relationships with third-party vendors, no matter how confident they may feel in their own internal security: “Vulnerable third parties are usually the weakest link of tech giants like Uber. After the recent criminal conviction of ex-executive of Uber in relation to the 2016 data breach, Uber has likely boosted its investments into cybersecurity. Despite all the efforts, controlling your external vendors is an arduous and costly task, which is often underfunded and underprioritized compared to other security processes. Unsurprisingly, pragmatic cybercriminals hit the most vulnerable party to extract valuable data from Uber, which can be now exploited to further sophisticated attacks. For instance, cybercriminals will likely exploit the stolen information about Uber’s network architecture and personal data of employees for advanced spear-phishing or password-spraying attacks, trying to break into Uber’s internal networks and get access to customer databases. Their chances to succeed are unfortunately quite high in view of the confidential information allegedly in their possession. From a legal viewpoint, this third-party data breach is disastrous news for Uber that may be now accused of systematic failures to implement necessary security controls, as well as of a flawed information security management system. Given the size and impact of the breach, both federal and state US agencies may go after the breached supplier and Uber.” Read Full Article


Previous Media Publications:

Spiceworks 1: FBI’s InfraGard Hacked, Data of 80,000 Members Put for Sale

ComputerWeekly: More Uber data exposed in possible supply chain attack

This website uses cookies to provide you with a better surfing experience. To learn more, please visit our Privacy Policy. By continuing to use this website you consent to our use of cookies.

Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a technical question?

Our security experts will answer within
one business day. No obligations.

Have a sales question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
Your data will stay private and confidential