Despite Denial, Uber Users Complaining of Hacked Accounts
About a week ago, Motherboard reported that Uber accounts were being sold en masse on Dark Net Markets for $1 to $5. Uber has since denied the claim, but numerous complaints have surfaced on Twitter, and elsewhere that impostors had been using legitimate accounts to utilize the global, semi-peer-to-peer taxi service.
In one case, Mike Crossley of London had been billed around three thousand British pounds for rides he never took. While still denying that there had ever been a breach, Uber has agreed to refund the 35-year-old record producer, according to Business Insider.
Payment Information Required During Registration
Whether there has been a breach of Uber servers or not, a fact which would surprise no one, the fact that Uber requires users to enter their payment information and store it with them during the registration process is a major part of the problem. Unlike other app-based services which require your payment information when actually making a purchase and offer to save the details, Uber wants your credit card or Paypal or Google Wallet authorization from the first minute you install the application. This makes them responsible for said data, and this might be a large contributing factor to their reluctance to admitting a server breach.
Large-scale user account dumps have become routine in the age of the Internet. Retailers are a favored target because they often associate payment details with user accounts. In the case of Uber, not only could a user scam a free ride via purchasing a hacked account on a dark net market, but they could potentially scam the company by actually utilizing the services of a friend whom they split the take with. Crossley, for instance, noted that luxury services were often hired with his account.
Other users in London have been having similar issues, as seen below:
And London, in general, seems to have a lot of troubles with Uber:
Price is Not the Only Consideration
These recent problems Uber has been having, in addition to other flak the company has taken due to the personality of its founder, billionaire Travis Kalanick, seem not to dissuade its many patrons. The high cost of cab fare in some regions is a great contributor.
In London, for instance, a trip from Heathrow to Buckingham Palace will cost around £73.91 via conventional taxicab, whereas the economy option on Uber would cost a little more than half of that. But with the cab, you could simply pay cash and not have to worry about your card information being stolen, which can be far costlier. You also wouldn’t have to put your faith in a company that regularly is the subject of intense government investigation and has more than once had customers severely assaulted at the hands of its employees. Thus, price should not be the only consideration when deciding how to travel across town.
Uber Still Not Confessing to a Breach
Uber has repeatedly denied that its servers have been breached, and this could be simply because such breaches went undetected. It could also mean that the account hacks are commencing by other means, but it is unlikely that so many would be available by other means.
As seen below, dark net vendors are still actively trafficking in hacked Uber accounts:
Images courtesy of Shutterstock and phm.link.
Uber representative Trina Smith contacted us about this story, saying:
We investigated and found no evidence of a breach. Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report. This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services.