After a Motherboard report in March said that details for at least some Uber accounts had been accessed by hackers who were selling them online for as little as $1, the publication is back with a followup to the story. Now, it looks like American Uber customers have been targeted by hackers, who may have obtained access to some accounts.
Some Uber customers have taken to Twitter to reveal that their Uber accounts have been used by unknown, unauthorized people to book and pay for rides, sometimes in markets other than the U.S.
“It was crazy,” Stephanie Crisco told the publication. “I used Uber for the first time Thursday night. On Friday morning I received a notification on my phone that my driver was en route. I didn’t request a driver. I clicked on the notification and it said that the ride was cancelled but the pickup was in London.”
Crisco also posted pictures on Twitter timeline showing a bunch of canceled Uber rides registered to her account, as well as rides that were paid for using her bank account (see image at the end of this post). Uber has refunded her for three rides, and Crisco cancelled her bank card since discovering the fraudulent charges.
Of note, Crisco did say that the same credentials she used for Uber were also used on other services, suggesting this isn’t necessarily an Uber hack. However, she wasn’t alone in reporting Uber account problems. Many other users have posted on Twitter, saying that their Uber accounts have been hijacked by unknown individuals who took rides using their accounts.
The company told Motherboard in a statement that it found no evidence of a breach. “We do not have any additional information to share beyond the statement we provided before: We investigated and found no evidence of a breach,” a spokesperson said. “Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report. This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services.”
The easiest thing you can do to protect your Uber account right now is actually to follow Uber’s advice and change your Uber password to something unique, so hackers who have stolen credentials from other services can’t reuse them on Uber.