The Target: Uber, a U.S based ride-service company.
The Take: Exposure of sensitive company information including: IT Asset reports, Windows domain login names and email addresses, and Active Directory information.
The Vector: The data was stolen through a breach in a third-party provider, Teqtivity, using compromised employee credentials. These were used to gain access to an AWS backup server.
This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and more critically, ensuring these controls are in place on all third-party vendors which have access to a firm’s data. The information stolen in this attack could lead to highly targeted phishing campaigns against Uber. Regular vendor assessments are a key component in cybersecurity.