According to a Motherboard report, stolen Uber user accounts are being traded in the shadier corners of the Web, changing hands for as little as $1 each. Exactly where these account credentials have been obtained isn’t clear, and Uber itself has denied any breach of its systems.
It seems that these accounts have been obtained without authorization and without Uber or users knowing. Buy one of these sets of login details and you can then take a taxi ride and charge it to someone else’s tab. Although the actual credit card data is not included in the information for sale, each Uber account is linked to a card for instant billing.
“We investigated and found no evidence of a breach,” said Uber in response to Motherboard’s article. “Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report. This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services.”
If you use your Uber password elsewhere, now might be a good time to change it. Trip history, phone numbers, and email addresses could also be exposed through the unauthorized use of someone else’s details, and based on Motherboard’s investigating they seem to be genuine accounts. The sellers are claiming to have thousands of accounts to distribute.
It’s not been the easiest year for Uber so far. Back in February, the company reported that details for 50,000 of its drivers could have leaked out into the public domain, while the firm also had to take extra steps to ensure passenger and driver safety on the roads. Only a few days ago the service was banned in Germany over a row about driver permits.