Uber's breach shows third-party providers are the weakest link
Check out all the Smart Security Summit on-demand sessions here.
Who do you trust with your critical data assets? In an ideal world, the answer would be "nobody", but the reality is that most businesses rely on third-party vendors in one form or another to enable day-to-day processes and services. However, as Uber's latest breach showed, this can put protected information at risk.
Just yesterday, RestorePrivacy revealed that on December 10, Uber suffered a data breach after a malicious actor gained access to third-party asset management provider Teqtivity's internal systems and leaked account information. and the personal information of approximately 77,000 Uber employees on a hacker. forum.
Shortly after the news broke, Teqtivity released a statement explaining that hackers had hacked into the provider's AWS backup server, which stored customer code and files.
Above all, the breach highlights that companies cannot afford to rely on security measures from third-party vendors to protect their data, and suggests that organizations need to be much more proactive in due diligence on entities that they choose. associate with the sides.
EventOn-Demand Smart Security Summit
Learn about the essential role of AI and ML in cybersecurity and industry-specific case studies. Watch the on-demand sessions today.
look here A look at third-party riskThe breach comes just months after a Lapsus$ hacker hacked Uber into buying login credentials from an Uber EXT contractor and used MFA bombardment to bombard the user with login requests by SMS until he accepts one, giving the hacker access to Uber's internal systems. .
It also comes after a federal jury convicted former Uber CISO Joseph Sullivan of covering up a 2016 data breach.
While unlike those security mistakes, this latest breach stands out because it illustrates a trend of supply chain attacks against third-party vendors that are becoming more common, with research showing that 51% of organizations have suffered a data breach. caused by a third party.
"In recent years, we have seen that companies are increasingly at risk of being the 'target' or 'conveyor' allowing other organizations to be hacked. With this data breach, this type supply chain attack pattern becomes perhaps the Venn diagram where supply chain attacks meet targeted attacks,” said Ian McShane, vice president of strategy at technology provider Arctic Wolf. security operations.
While it's unclear whether this breach occurred because the attackers identified Teqtivity as a potential entry point into Uber's internal systems or were simply lucky, the high volume of data exposed during the incident highlights that organizations cannot afford to ignore third parties. party risk.
Targeting third-party vendors via
Check out all the Smart Security Summit on-demand sessions here.
Who do you trust with your critical data assets? In an ideal world, the answer would be "nobody", but the reality is that most businesses rely on third-party vendors in one form or another to enable day-to-day processes and services. However, as Uber's latest breach showed, this can put protected information at risk.
Just yesterday, RestorePrivacy revealed that on December 10, Uber suffered a data breach after a malicious actor gained access to third-party asset management provider Teqtivity's internal systems and leaked account information. and the personal information of approximately 77,000 Uber employees on a hacker. forum.
Shortly after the news broke, Teqtivity released a statement explaining that hackers had hacked into the provider's AWS backup server, which stored customer code and files.
Above all, the breach highlights that companies cannot afford to rely on security measures from third-party vendors to protect their data, and suggests that organizations need to be much more proactive in due diligence on entities that they choose. associate with the sides.
EventOn-Demand Smart Security Summit
Learn about the essential role of AI and ML in cybersecurity and industry-specific case studies. Watch the on-demand sessions today.
look here A look at third-party riskThe breach comes just months after a Lapsus$ hacker hacked Uber into buying login credentials from an Uber EXT contractor and used MFA bombardment to bombard the user with login requests by SMS until he accepts one, giving the hacker access to Uber's internal systems. .
It also comes after a federal jury convicted former Uber CISO Joseph Sullivan of covering up a 2016 data breach.
While unlike those security mistakes, this latest breach stands out because it illustrates a trend of supply chain attacks against third-party vendors that are becoming more common, with research showing that 51% of organizations have suffered a data breach. caused by a third party.
"In recent years, we have seen that companies are increasingly at risk of being the 'target' or 'conveyor' allowing other organizations to be hacked. With this data breach, this type supply chain attack pattern becomes perhaps the Venn diagram where supply chain attacks meet targeted attacks,” said Ian McShane, vice president of strategy at technology provider Arctic Wolf. security operations.
While it's unclear whether this breach occurred because the attackers identified Teqtivity as a potential entry point into Uber's internal systems or were simply lucky, the high volume of data exposed during the incident highlights that organizations cannot afford to ignore third parties. party risk.
Targeting third-party vendors via
What's Your Reaction?
![Three of ID's top PR executives quit ad firm Powerhouse [EXCLUSIVE]](https://variety.com/wp-content/uploads/2023/02/ID-PR-Logo.jpg?#){kind=logo}
