Cyber security firm Cyble has recently discovered that the user records from UberEats have been leaked onto the dark web. Researchers at the firm analyzed 9 TXT files leaked by the threat actor which contained details of UberEATS delivery drivers, delivery partners, and customers. The leaked files also include login credentials of 579 UberEATS customers.
In addition, cyber security firm DarkOwl also noted a 230% increase in mentions of food delivery and personal shopping services on the dark web between 2019 and 2020. Part of this increase is being attributed to the COVID-19 pandemic.
While the obvious issues of identity theft and credit card fraud are problematic with this kind of data being dumped onto the dark web, there are other implications for businesses. The verdict writes: “The information can also be used to conducted “targeted phishing” on the account holders, enabling hackers to gain access to their personal computers and conduct further attacks such as ransomware.” If your staff use their corporate email accounts to access services like UberEats, then they could be the target of a phishing campaign where they may give up your corporate information, or unwittingly install ransomware on your corporate computers.
Password re-use is also a common problem. Some security experts believe that many of the passwords that were exposed could be from previous breaches where consumers are re-using the same passwords. When it comes to protecting your organization, having policies that discourage password re-use are important. In addition, you should also have your cyber security provider perform a dark web scan to ensure your staff’s credentials aren’t for sale on the dark web. One breached password is all it takes for a hacker to destroy your business. Contact Uzado today to perform a dark web scan for you corporate credentials.