Thousands of User Account Details are For Sale Online
In recent weeks, UBER has once again hit the headlines. But this time, it’s not the drivers who are up in arms; it’s the passengers. Although UBER is still denying any security breach, countless users have come forward to claim that their credit card has been charged for journeys taken by someone else, suggesting that their private accounts have been hacked. Many of them have gone on to post screenshots on social media platforms.
We first heard about fraudulent rides taking place on 28th March, when Darren Burn, founder of OutOfOffice.com, began tweeting screenshots from his UBER app. He noticed that his email address and phone number had been changed, and that multiple rides were being booked without his consent. One trip went all the way from London to Birmingham! This news was reported on Buzzfeed, following an article published on The Verge the previous day, which investigated the situation.
At present, there are two ‘dark web’ marketplaces (today’s equivalent of the black market) which are selling UBER account details for as little as $1 each. Not only does this give strangers access to your credit card to rack up journey fares through the UBER app, but it also reveals your home address, phone number and frequently visited locations.
The most worrying part is that, despite the evidence being printed in black and white across various respected news websites, UBER are still denying that there has been any security breach. Many complaints were simply not acknowledged, whilst others had replies which refused responsibility. This Buzzfeed reader wrote:
“My account was compromised and uber insisted it was me, it was very hurtful that they didn’t believe me! The support team thought me a liar and that uber could never be hacked. So glad I came across this article, uber is the liar!”
UBER advised that it was in fact the users’ email accounts which were hacked; a theory which has been rebuffed by those with 3 step authentication in place as a protective measure. A spokesperson for UBER reiterated their response:
“We take any issue of this nature very seriously and after investigating have found no evidence of a breach at Uber.”
We’re interested to see if the affected users will in fact receive refunds for the fraudulent journeys – some which add up to over €3000 per person. I sincerely hope so, because this sure is not what ‘sharing economy’ is all about.