Exploit: Unauthorized Database Access
Uber Eats: App-Based Food Delivery Service

Risk to Small Business: 2.691 = Moderate

Security analysts doing routine Dark Web and Deep Web monitoring uncovered a data dump containing details about customers, delivery drivers, and delivery partners for UberEats. The 9 TXT files leaked by the threat actor include login credentials of 579 UberEATS customers and details of 100 delivery drivers. The data includes login credentials, full name, contact number, trip details, bank card details, and, account creation dates.

Individual Risk: 2.377 = Severe

No details about how affected customers and drivers will be informed or any remediationn offered have been released. UberEats customers, drivers, and partners should reset their account credentials and be alert for credit card fraud, spear phishing, and identity theft dangers.

Customers Impacted: 679

How it Could Affect Your Customers’ Business: This breach is especially troubling because it is unacknowledged and it was discovered by Dark Web analysts instead of internal IT, putting in question the company’s transparency about security and attention to small security issues.

Source:
https://securityaffairs.co/wordpress/106770/deep-web/ubereats-data-leaked-dark-web.html?web_view=true