Uber riders wary of unexpected fares now face bigger problems than surge pricing. Cybercriminals are selling compromised accounts on the dark web, and users say they’re being billed for trips in places such as China without ever leaving home.
Reports of Uber users encountering charges for rides in places they’ve never been visited have surfaced routinely in the past few months, and the company has claimed it relies on “state of the art technology to prevent, detect and investigate fraud.” As those reports adds up, however, stolen accounts are continuing to be bought and sold online, and at prices lower than ever.
Vice’s Motherboard noted recently at least three Twitter users had complained in as many days about being randomly charged for rides in China when they were on the other side of the world.
“I had a great ride in China this morning! Except, weird, I wasn’t in China this morning,” Twitter user Kirby Bittner of San Francisco wrote Sept. 21. In a followup to Uber two days later, she said the issue had yet to be resolved.
According to a representative for the rideshare service, the rash of mysterious charges isn’t the result of a hack, but rather poor security practices by the users.
Kayla Whaling, a spokesperson for Uber, told SCMagazine.com that the company has been searching for “password collections” that end up online and eventually are used to crack into accounts. Criminals may then order rides with the app using a stolen account, at which point an accomplice or another scammed Uber user signs off on the ride and splits the subsequent proceeds, according to The Register
“Our security teams are laser focused on protecting the integrity of our community’s Uber accounts,” Uber said in a statement to Motherboard. “We use technical measures to detect any issues and are always enhancing the measures we deploy to protect our users’ accounts. We also encourage all of our users to choose strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services.”
The number of fraud cases popping up within Uber amounts to roughly 3 percent of the company’s business, The Register reported. But as the rideshare service surges in popularity — and months after initial reports first began to appear — the incidents have done anything other than subsided.
According to Motherboard, the price of hacked Uber accounts on the underground marketplaces has dropped from roughly $1 apiece in May down to just 40 cents in August.