A hacker has leaked a trove of data linked to the ride-sharing company Uber, exposing everything from corporate reports to information on more than 77,000 employees.
The data, which also includes IT asset information and source code, was posted over the weekend on a notorious hacking forum by a user named “UberLeak.”
In a statement to BleepingComputer, Uber said that the data was not pilfered directly from its servers but from a third-party vendor known as Teqtivity. Uber also confirmed that the data was unrelated to a separate breach it suffered back in September.
“We believe these files are related to an incident at a third-party vendor and are unrelated to our security incident in September,” Uber said. “Based on our initial review of the information available, the code is not owned by Uber; however, we are continuing to look into this matter.”
In a notification on the breach, Teqtivity, which handles asset management and tracking services for Uber, stated that the hacker was able to steal the data after gaining access to a backup server in the cloud.
“We are aware of customer data that was compromised due to unauthorized access to our systems by a malicious third party,” the vendor said. “The third party was able to gain access to our Teqtivity AWS backup server that housed Teqtivity code and data files related to Teqtivity customers.”
Uber also stressed that the breach did not involve any customer data. Experts warn that Uber employees, however, should be on the lookout for phishing attacks now that their company emails and other personal data has been exposed.
The breach is far from the first for Uber. Aside from the leak in September, a third party used by Uber in 2016 was breached as well, resulting in the exposure of data belonging to roughly 57 million customers and drivers.