Cyber Incident Victim: Uber Eats

On August 4, 2020, cybersecurity firm Cyble reported discovering a data leak involving UberEats, Uber’s food delivery platform, after identifying threat actor activity on the dark web. During routine dark web monitoring, Cyble’s research team located leaked user records purportedly belonging to UberEats customers, delivery drivers, and delivery partners. The threat actor distributed nine text files containing compromised data, which Cyble obtained and analyzed. These files exposed login credentials for 579 UberEats customer accounts and personal details of 100 delivery drivers. The breach included sensitive information such as full names, contact numbers, bank card details, trip histories, and account creation dates, indicating a significant compromise of user and driver data. No technical details regarding the breach method or initial intrusion vector were disclosed in the report.

The leaked data posed risks of financial fraud, identity theft, and credential reuse attacks against affected individuals due to the exposure of payment card information and authentication details. Cyble confirmed the legitimacy of the data through analysis but did not specify whether Uber had validated the breach at the time of reporting. The incident highlighted vulnerabilities in third-party delivery platforms, though the exact source of the data leak—whether from UberEats’ systems, a partner organization, or credential-stuffing attacks—remained unconfirmed. The scope of the leak suggested targeted extraction of operational and financial records, with delivery drivers’ information potentially enabling further social engineering or phishing campaigns. UberEats’ parent company, Uber, had not issued a public statement addressing the leak as of Cyble’s disclosure date.