In March, Motherboard reported Uber accounts had been stolen by hackers who were selling them on public forums for as low as $1. Now another report by the board claims that Uber has been hacked again, but this time the affected users are American citizens.
Some of the Uber customers are complaining on Twitter that someone accessed their accounts and not only booked rides but also paid for them without their knowledge. Most of the bookings were made for the destinations outside the United States.
One Uber customer Stephanie Crisco from North Carolina told Motherboard that:
“It was crazy!!” “I used Uber for the first time Thursday night. On Friday morning I received a notification on my phone that my driver was en route. I didn’t request a driver. I clicked on the notification and it said that the ride was cancelled but the pickup was in London.”
Crisco also posted a screenshot on Twitter showing how someone booked rides by using her account. Crisco has canceled her credit card after discovering the unauthorized use of her card and account. Uber also has refunded her for three rides.
Crisco is not the only Uber customer who has reported the hack on Twitter. There are several other users posting screenshots of transactions made from their accounts without their knowledge.
See some more Tweets from users in the United States complaining about these unauthorized transactions:
@Uber I have $70 with of charges on my card that I did not authorize!!! I need someone to contact my asap before I sue!
— zha[nay] (@nay_TWOtimes) May 1, 2015
@Uber account has been hacked and charged almost $200. Uber has no sense of urgency when fraud has been committed. Still no email!!
— Allison Martin (@albabym) May 1, 2015
— Tonya Andrews (@gurlygirl09) May 1, 2015
In a statement, Uber told Motherboard that it found no evidence of a breach.
“We do not have any additional information to share beyond the statement we provided before: We investigated and found no evidence of a breach,” a spokesperson said. “Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report. This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services.”
The easiest thing you can do to protect your Uber account right now is to follow Uber’s advice and change your Uber password to something unique, so hackers who have stolen credentials from other services can’t reuse them on Uber.
Change your username and password ASAP
We advise to change your username and passwords asap, do NOT click links or download attachments from unknown senders. It could be a phishing scam to steal your login details.