Thousands of stolen Uber user accounts are said to be selling on a dark web marketplace for as little as $1 each, according to a new report from Motherboard. These account details are described as being compromised without either the owners or Uber knowing, and thus can be used at will once purchased. This means someone would be able to log in to the app with someone else’s account, and then order rides, which would be charged to the payment info on file.
Motherboard says it spoke to two unnamed sellers from the marketplace AlphaBay, each offering Uber accounts for $1 and $5. However, it wasn’t made clear exactly how these stolen accounts were acquired, as one of the sellers simply said they had “hacked accounts,” and with thousands available, they had already sold over 100.
If what the vendors are selling are legitimate accounts, what makes the situation worse is that buyers can get more than just free rides. Account details also include a user’s trip history, phone numbers, email addresses, and addresses for home and work locations. As for the payment details, someone could continue ordering free rides until Uber, the account owners, or their payment companies recognize something is amiss.
Uber has already issued a statement in response the Motherboard report, saying they found no evidence of any security breach. A spokesperson added, “Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report.” It’s exactly because of situations like this that it’s important to use unique usernames and passwords, and not re-use them on multiple website and services.