Hackers may have hit Uber and stolen user account details including log-in credentials, full names, the last four digits of credit card numbers and telephone numbers, Threatpost reveals, although the next-generation taxi service is denying the report. The scariest part is that an Uber account can seemingly be bought for as little as $1 on underground forums.
Online publication — Motherboard, which first reported the news — says that it was able to verify that at least some of the accounts it purchased are actually active, even though Uber denies claims that hackers were able to steal such sensitive personal data.
“We investigated and found no evidence of a breach,” an Uber spokesperson told Threatpost. “Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report. This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services.”
The information that’s actually at risk is far more precious than partial payment information. Access to a user’s Uber account would also give hackers access to trip history, as well as home and office addresses.
Of course, the people who purchase these stolen accounts could also use them to score free Uber rides.