Thousands of Uber accounts are allegedly being sold on the dark web

Thousands of Uber accounts are allegedly being sold on the dark web

Company says it’s investigating

By Josh Lowensohn on March 27, 2015 09:04 pm Email @Josh
http://www.theverge.com/2015/3/27/8304029/uber-investigating-hacked-account-claims

Thousands of Uber users account credentials could have been compromised, and are up for sale from unscrupulous sellers. At least two separate vendors on dark web marketplace AlphaBay are hawking active Uber accounts, Motherboard reports. Once purchased, these accounts let buyers order up rides using whatever payment information is on file. Those accounts can also show trip history, email addresses, phone numbers, and location information for people’s home and work addresses.

PEOPLE’S STOLEN UBER ACCOUNTS COST LESS THAN A MILE IN AN ACTUAL UBER

The sellers are offering up the accounts for $1 and $5 apiece, which incidentally won’t even get you a mile in an Uber car in New York City. However those with these stolen logins could theoretically use them to order up free rides until Uber, payment companies, or their real owners realize what’s happened. One of the two sellers Motherboard talked to says he or she has already sold more than 100 accounts to other buyers.

An Uber spokesperson told Motherboard that an investigation was underway, adding that it monitors its services for fraud. “We are looking into this and do not have any information to share at this time,” an Uber spokesperson said. “We use state of the art technology to prevent, detect, and investigate fraud. It’s important to note that attempting this type of fraud is illegal, and we take appropriate action when we confirm fraud, including notifying the proper authorities.”

Its currently unclear how these sellers acquired the account credentials, if there might be other sellers using the same information, or whether this stems from a larger security breach at the company. News of the accounts for sale comes just weeks after Uber disclosed that information about some 50,000 of its drivers had been accessed by a third-party last May. In its notice, Uber said the breach did not affect user names, suggesting this is unrelated.

Leave a Reply