Vendors on the shadier side of the internet have been discovered to be selling stolen Uber login information for as little as US$1 (about RM3.70). Two particular vendors have been discovered, and it appears that the username and password combinations are perfectly valid and work just fine for hailing rides.
One seller, using the moniker Courvoisier, claims to have thousands of login credentials; all of which apparently came from hacking attempts. Courvoisier does not reveal what exactly was hacked to gain this information, but he is selling it for the low price of US$1 per account. A similar vendor, ThinkingForward, charges the comparatively exorbitant price of US$5 (about RM18) per account; although there are discounts for bulk purchases.
The login information gives just about anyone access to the victim’s Uber account, which generally contains a full trip history. This could potentially reveal a person’s home and work address, and it gets worse. While credit card numbers are not stored in the database, there it does show the last four digits and expiration date. Both of which are generally used by banks for identity verification. There is a potential for cyber-criminals to buy this information and use it for further identity fraud.
Uber has said that there has been no breach of its servers of late, and the company does not know how these vendors got hold of the information. It could be that the affected users we victims of phishing activities, or could have been individually hacked. The idea that the Uber app could have been hacked to retrieve user information has dire implications users of the ride sharing service.
It should be noted that buying this information is highly illegal and should not be done. Using the stolen information is also similarly illegal as it would be buying services using a stolen credit card. That being said, customers have been leaving good reviews for these vendors; which gives the whole situation a very surreal feel.