Tech website Motherboard is reporting that active Uber user accounts are for sale on the dark web, priced as low as one dollar. The article states, “One seller claims he has ‘thousands’ of user logins for sale.”
Data security is not a new issue for Uber; a month prior to the Motherboard report, Uber released a statement regarding unauthorized third-party access to a database that occurred in May 2014. According to the February press release, the breach was found in September. The incident affected current and previous Uber partners by exposing their names and driver’s license numbers.
While Uber login information may not seem as sensitive as Social Security numbers, the information that can be accessed after logging into the account is important. Uber stores the last four digits of a credit card number, the expiration date and trip history, which commonly includes a user’s address. In addition, after purchasing login information, a person can start booking cabs and charging tips.
Uber and Motherboard have conflicting reports regarding the incident. Motherboard reached out to three people who owned Uber accounts that were found on the dark web. Two of the three people confirmed that the usernames and passwords were correct; the third person did not respond. Uber has released a statement in regard to Motherboard’s article.
“We investigated and found no evidence of a breach. Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report,” an Uber spokesperson said. “This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services.”
The statement focuses on personally safeguarding an account. Damage can stop at Uber if the account owner has fully secured his or her other e-commerce accounts. However, if the user has the same or similar usernames and passwords across various websites, the financial damage can spread across the web.
Consumers can only do so much to secure an account. Therefore, it is critical for a company to implement verification and authentication software to protect itself, its employees and its customers.