# The Continuing Saga of Hacked Uber Customer Accounts



## chi1cabby (May 28, 2014)

*Stolen Uber Customer Accounts Are for Sale on the Dark Web for $1*
*http://motherboard.vice.com/read/stolen-uber-customer-accounts-are-for-sale-on-the-dark-web-for-1?utm_source=mbtwitter*


----------



## observer (Dec 11, 2014)

chi1cabby said:


> http://motherboard.vice.com/read/st...le-on-the-dark-web-for-1?utm_source=mbtwitter


This seems to be a problem in Mexico, the GDL and DF twitter accounts are full of complaints. Some of them complaining it's taking days to get an answer.


----------



## observer (Dec 11, 2014)

I found one guy complaining about filing a complaint on something, 5 days ago. Still no answer, except please excuse us we have many solicitations (nice Uber name for complaints) and will respond as quickly as possible.


----------



## Casuale Haberdasher (Dec 7, 2014)

chi1cabby said:


> http://motherboard.vice.com/read/st...le-on-the-dark-web-for-1?utm_source=mbtwitter


POST # 1 /@chi1cabby : Bemused Bison thinks that THIS COULD BE worse for #[F]Uber than the Recent DoubleSpiff OnBoarding disaster was/is for Lyft!


----------



## BlkGeep (Dec 7, 2014)

Cha-ching! I'm too lazy to read but are we in any way responsible for payments that come back fraud? It's my understanding we get paid regardless of Uber's problems collecting, if we get paid either way I know some people bout to take some long surge trips.

just kidding, I don't even know what Silk Road is, errr, I mean dark web.


----------



## hangarcat (Nov 2, 2014)

chi1cabby said:


> http://motherboard.vice.com/read/st...le-on-the-dark-web-for-1?utm_source=mbtwitter


What if forged driver app can be bought? Could someone use my ID to obtain app then commit crime & cops come to me? If I have app and commit crime can I say someone else did crime with my stolen ID?
Can of worms here maybe...


----------



## chi1cabby (May 28, 2014)

hangarcat said:


> What if forged driver app can be bought? Could someone use my ID to obtain app then commit crime & cops come to me? If I have app and commit crime can I say someone else did crime with my stolen ID?
> Can of worms here maybe...


I've given this some thought. 
I think this is unlikely. There have been no indications that login info to Drivers Accounts has been breached. (The last Uber data breach exposed driver's name & DL numbers.)


----------



## TwoFiddyMile (Mar 13, 2015)

Wait til people use hacked accounts to go Boston/NYC.
Then feathers will be ruffled.


----------



## hangarcat (Nov 2, 2014)

chi1cabby said:


> I've given this some thought.
> I think this is unlikely. There have been no indications that login info to Drivers Accounts has been breached. (The last Uber data breach exposed driver's name & DL numbers.)


That's enough to create an identity adequate to obtain job, real estate, credit, Uber driver's app among many things. A duplicate DL has a data strip with your life history. Ask any *******.


----------



## observer (Dec 11, 2014)

hangarcat said:


> That's enough to create an identity adequate to obtain job, real estate, credit, Uber driver's app among many things. A duplicate DL has a data strip with your life history. Ask any *******.


Yes, as the resident *******, he is probably correct. Except for one thing, they stole the NAMES and NUMBERS not the data strips.


----------



## observer (Dec 11, 2014)

observer said:


> Yes, as the resident *******, he is probably correct. Except for one thing, they stole the NAMES and NUMBERS not the data strips.


I'll check with my contact at the MacArthur Park immigration center.


----------



## chi1cabby (May 28, 2014)

hangarcat said:


> Ask any *******.


Wow!


----------



## hangarcat (Nov 2, 2014)

chi1cabby said:


> Wow!


Or ISIS operative posing as one.


----------



## hangarcat (Nov 2, 2014)

observer said:


> Yes, as the resident *******, he is probably correct. Except for one thing, they stole the NAMES and NUMBERS not the data strips.


Name & # = duplicate DL


----------



## observer (Dec 11, 2014)

hangarcat said:


> Name & # = duplicate DL


You need more than just a name and number to get a duplicate DL. You also need a thumbprint. Trust me on this, I just went to get a duplicate license this week.


----------



## observer (Dec 11, 2014)

hangarcat said:


> That's enough to create an identity adequate to obtain job, real estate, credit, Uber driver's app among many things. A duplicate DL has a data strip with your life history. Ask any *******.


Your ******* comment reminded me of this,

remember, some of us have backs wetter than others.

We are all immigrants.


----------



## chi1cabby (May 28, 2014)

These hacked Uber Accounts are now being hit with fraudulent charges. Yet Uber is Not acknowledging the breach or notifying account holders to change their passwords.

*Uber Users Say They're Being Charged for Trips They Didn't Take*
*JOSEPH COX*
*http://motherboard.vice.com/read/ub...or-trips-they-didnt-take?utm_source=mbtwitter*


----------



## hangarcat (Nov 2, 2014)

chi1cabby said:


> These hacked Uber Accounts are now being hit with fraudulent charges. Yet Uber is Not acknowledging the breach or notifying account holders to change their passwords.
> 
> *Uber Users Say They're Being Charged for Trips They Didn't Take*
> *JOSEPH COX*
> http://motherboard.vice.com/read/ub...or-trips-they-didnt-take?utm_source=mbtwitter


http://www.theguardian.com/technolo...nies-security-breach-logins-for-sale-dark-web


----------



## hangarcat (Nov 2, 2014)

observer said:


> Your ******* comment reminded me of this,
> 
> View attachment 6290
> 
> ...


In fact my Grandfather was illegal.


----------



## Casuale Haberdasher (Dec 7, 2014)

BlkGeep said:


> Cha-ching! I'm too lazy to read but are we in any way responsible for payments that come back fraud? It's my understanding we get paid regardless of Ubers problems collecting, if we get paid either way I know some people bout to take some long surge trips.
> 
> just kidding, I don't even know what Silk Road is, errr, I mean dark web.


POST # 5 /BlkGeep : Bewordy Bison always finds B.G.'s Route to Humor Silky Smooth!

Bison chortling.


----------



## chi1cabby (May 28, 2014)

*Some Uber users are claiming their accounts have been hacked*
*http://www.businessinsider.com/some-uber-users-say-their-accounts-are-being-hacked-2015-3*


----------



## LAuberX (Jun 3, 2014)

http://techfrag.com/2015/03/30/digital-thieves-riding-stolen-accounts-uber-users/

I just hope I can drive them for an hour at 3.1 surge !


----------



## UberCemetery (Sep 4, 2014)

*Inside the Dark Web*

*http://www.pcmag.com/article2/0,2817,2476003,00.asp*

https://www.torproject.org/


----------



## chi1cabby (May 28, 2014)

*Londoner hit with £3,000 cab bill after 'hackers' rack up 142 Uber journeys*
*http://www.standard.co.uk/news/lond...ckers-rack-up-142-uber-journeys-10144655.html*


----------



## just drive (Oct 29, 2014)

chi1cabby said:


> View attachment 6292
> 
> 
> Look at some of the fraudulent trips! It doesn't even make any sense why anyone would take all these meandering, roundtrips...
> ...


Petar only got 4 stars


----------



## arto71 (Sep 20, 2014)

*Uber denies security breach despite reports of logins for sale online.*
Uber denies that its servers were hacked after reports that thousands of usernames and passwords for the taxi-like service are available to buy for as little as $1 online.

Two sellers with outlets on the AlphaBay Market dark web marketplace, hidden from the open internet within the Tor anonymity network, claim to sell stolen, working Uber credentials allowing purchasers to login and book rides.

According to the marketplace listing, one vendor has sold over 180 Uber logins since 18 March.

But Uber denies that the stolen logins came from its servers, suggesting that users should avoid sharing the same login credentials across multiple sites.

"We investigated and found no evidence of a breach," said an Uber spokesperson in a statement. "Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report."

Technology site Motherboard was able to verify that some of the stolen credentials were valid and included names, usernames, passwords, partial credit card numbers and telephone numbers for Uber users.

Uber has been criticised in the past for the way it handles customer data and the ability of staff to access a "god mode", which allowed employees to track riders using the GPS in their smartphones and the Uber app.
The company changed its privacy policy and the way customer data was handled in response to outcry from BuzzFeed reporter Johana Bhuiyan, who claimed that an Uber executive had accessed her profile without her knowledge prior to a meeting.

Uber now enforces a "strict policy prohibiting all employees at every level from accessing a rider or driver's data" except for "legitimate business purposes", although what constitutes a business purpose is not defined.


----------



## arto71 (Sep 20, 2014)

just drive said:


> Petar only got 4 stars


With $210 ride I'll take 4* rating any time of day


----------



## Disgusted Driver (Jan 9, 2015)

BlkGeep said:


> Cha-ching! I'm too lazy to read but are we in any way responsible for payments that come back fraud? It's my understanding we get paid regardless of Ubers problems collecting, if we get paid either way I know some people bout to take some long surge trips.
> 
> just kidding, I don't even know what Silk Road is, errr, I mean dark web.


Nice, there is some ceiling, I think anything over $150 they hold till it clears. Would be very interesting to see how they handle these. We could probably get away with one or two long surge trips but I'm sure their fraud prevention would kick in pretty quickly and deactivate you. They deactivated people who did a lot of tiny trips for guarantees or had extra trips because they gave the same rider two trips during a guarantee period. So yeah, would be fun to take the phone for a ride once but if you went back to this well again you would get nailed.


----------



## anOzzieUber (Oct 31, 2014)

Time for Uber to start showing drivers a picture of the pax on our phone so that we can verify they are who they say they are? I know it's not going to completely solve this problem, but it might be a start.

I still don't fully understand how this works - if I was to buy one of these hacked accounts, log into it on my phone and take a trip, wouldn't the trip data that Uber collects somehow also record my mobile phone number?

Not sure how things work OS, but here we need to provide 100 points of ID to get a phone number (and I know there are probably ways around this, but still it does make it harder)


----------



## Disgusted Driver (Jan 9, 2015)

anOzzieUber said:


> Time for Uber to start showing drivers a picture of the pax on our phone so that we can verify they are who they say they are? I know it's not going to completely solve this problem, but it might be a start.
> 
> I still don't fully understand how this works - if I was to buy one of these hacked accounts, log into it on my phone and take a trip, wouldn't the trip data that Uber collects somehow also record my mobile phone number?
> 
> Not sure how things work OS, but here we need to provide 100 points of ID to get a phone number (and I know there are probably ways around this, but still it does make it harder)


In the US you can get a prepaid phone without any id, ten or twenty bucks and then you load it with more time as you need. So they are completely untraceable if you pay with cash. I don't think the app transmits your actual phone number from the device you ordered it from, I think they use the number on file for the account. I say this because I have had several occasions where I call a pax, they don't get the call but I find them anyway and it turns out they didn't pay the bill on that one or they have a new number....


----------



## chi1cabby (May 28, 2014)

*More and more people are claiming their Uber accounts have been hacked*
http://uk.businessinsider.com/london-uber-hack-deep-web-accounts-2015-4


----------



## Actionjax (Oct 6, 2014)

I went and bought Juber's info so I think we can have a bit of fun with it.


----------



## chi1cabby (May 28, 2014)

chi1cabby said:


> More and more people are claiming their Uber accounts have been hacked


Uber's Response: Delete @Uber_LDN Acc. & All the tweets by it!

Click on this Twitter link, then click on "Uber_LDN". You get a message "User Not Found".

https://twitter.com/i/web/status/583639060058505216

When Moving to a New Acc in the past, Uber has kept the Old Acc active.


----------



## Actionjax (Oct 6, 2014)

chi1cabby said:


> Uber's Response: Delete @Uber_LDN Acc. & All the tweets by it!
> View attachment 6454
> 
> 
> ...


Sorry guess I don't see what the problem is here. Most companies work at consolidating when they get bigger. It saves them having to monitor multiple twitter accounts and manage them from top of house. Deleting all tweets stops people from getting confused that the old account is the one active. Don't think this is an attempt to hide anything. All they are deleting is their responses, not the complaint. That would live on the users account.

Right now Uber has way too many places for help.


----------



## chi1cabby (May 28, 2014)

Actionjax said:


> Sorry guess I don't see what the problem is here.


It didn't just Move the Twitter account, like in case of Uber_Tor or Uber_Cbus. It Deleted the account and all tweets from it. And Uber did this amidst a major hack of Uber_LDN user Accts.

When someone looks up Uber_LDN they get "User Not Found". And when someone tweets to Uber_LDN, the tweet goes to no one on the other end.

I doubt a more ethical corporation would change its customer service number in the middle of a crisis, and Not even give the New customer service number in a recording. That's what Uber_LDN just did.


----------



## Actionjax (Oct 6, 2014)

chi1cabby said:


> It didn't just Move the Twitter account, like in case of Uber_Tor or Uber_Cbus. It Deleted the account and all tweets from it. And Uber did this amidst a major hack of Uber_LDN user Accts.
> 
> When someone looks up Uber_LDN they get "User Not Found". And when someone tweets to Uber_LDN, the tweet goes to no one on the other end.
> 
> I doubt a more ethical corporation would change its customer service number in the middle of a crisis, and Not even give the New customer service number in a recording. That's what Uber_LDN just did.


Actually Toronto did just that. They deleted the account and then recreated it days later once the shit hit the fan. Looks like Uber London made the same mistake when they went to @Uber_UK.

Sorry I'm not buying that the 2 actions are related. I would say this is more to do with poor planning on their social media teams. And there is no evidence to support that since this looks to be a worldwide directive to move from City wide twitter accounts to State or Country wide accounts.


----------



## chi1cabby (May 28, 2014)

*This Is the Dark Web Guide to Using Stolen Uber Accounts*
*http://motherboard.vice.com/read/uber-accounts-for-sale-on-the-dark-web?utm_source=mbtwitter*


----------



## chi1cabby (May 28, 2014)

*More Uber Accounts Have Been Hacked, This Time in the United States*
*http://motherboard.vice.com/read/more-uber-accounts-have-been-hacked-this-time-in-the-united-states*


----------



## Fuzzyelvis (Dec 7, 2014)

chi1cabby said:


> View attachment 6292
> 
> 
> Look at some of the fraudulent trips! It doesn't even make any sense why anyone would take all these meandering, roundtrips...
> ...


Wouldn't the best customers for stolen accounts be drivers? In which case trips that make no sense would make sense.


----------



## Lidman (Nov 13, 2014)

This would make a great movie....


----------



## Disgusted Driver (Jan 9, 2015)

Fuzzyelvis said:


> Wouldn't the best customers for stolen accounts be drivers? In which case trips that make no sense would make sense.


Yes but you know how people be dumb and keep returning to what worked till they get caught. If you did it once you would easily get away with it, give yourself a great long ride. As soon as you do it multiple times or with multiple accounts their fraud prevention software would kick in.


----------



## chi1cabby (May 28, 2014)

*How Hackers Can Crack People's Uber Accounts to Sell on the Dark Web*
*http://motherboard.vice.com/read/how-hackers-cracked-peoples-uber-accounts-to-sell-on-the-dark-web*


----------



## Actionjax (Oct 6, 2014)

So in a nutshell this isn't stealing accounts from Uber. This is a blunt attack on logins that can happen on almost any site that does not lock accounts out for multiple failed attempts.

Again does not seem to be an Uber problem per se but a problem with users who use the same passwords as other sites.

So not only is the user vulnerable on Uber but most likely anywhere they have signed up an account on. Uber just happens to affect them monetarily.
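
The post above attributes the takeovers to reused passwords and to sites that never lock out after repeated failed logins. The following is an added example, not part of the thread and not Uber's code: a login guard that counts failures per account and per source address, showing that a per-account lockout alone never fires when a list of reused credentials is tried once per account. The class, thresholds, addresses and accounts are all hypothetical.

```python
from collections import defaultdict, deque


class LoginGuard:
    """Sliding-window limits on failed logins, per account and per source."""

    def __init__(self, max_account_failures=5, max_accounts_per_source=3, window=600):
        # All three limits are assumed values chosen for this example.
        self.max_account_failures = max_account_failures
        self.max_accounts_per_source = max_accounts_per_source  # None = check off
        self.window = window
        self._by_account = defaultdict(deque)  # account -> failure timestamps
        self._by_source = defaultdict(deque)   # source -> (timestamp, account)

    def attempt(self, now, source, account, password_ok):
        """Decide one login attempt; password_ok is the password verifier's result."""
        acct, src = self._by_account[account], self._by_source[source]
        # Drop failures that have aged out of the window.
        while acct and now - acct[0] > self.window:
            acct.popleft()
        while src and now - src[0][0] > self.window:
            src.popleft()
        # One source failing against many different accounts: credential list replay.
        if self.max_accounts_per_source is not None:
            if len({a for _, a in src}) >= self.max_accounts_per_source:
                return "blocked_source"
        # Many failures against a single account: password guessing.
        if len(acct) >= self.max_account_failures:
            return "locked_account"
        if password_ok:
            acct.clear()
            return "ok"
        acct.append(now)
        src.append((now, account))
        return "failed"


def replay(events, **limits):
    """Run a list of attempts through a fresh guard and return each decision."""
    guard = LoginGuard(**limits)
    return [guard.attempt(*event) for event in events]


# Constructed sample events: (seconds, source address, account, password correct?)
# GUESSING: one source hammers one account and hits the password on the 7th try.
GUESSING = [(t, "198.51.100.7", "alice@example.com", t == 60) for t in range(0, 70, 10)]
# STUFFING: one source tries one password each on five accounts; user4 reused theirs.
STUFFING = [(100 + i, "203.0.113.9", f"user{i}@example.com", i == 4) for i in range(1, 6)]

if __name__ == "__main__":
    print("guessing, both limits:   ", replay(GUESSING))
    print("stuffing, account only:  ", replay(STUFFING, max_accounts_per_source=None))
    print("stuffing, both limits:   ", replay(STUFFING))
```
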


----------



## Jeff Saloon (May 4, 2015)

Yes, security has to be beefed a bit in that department. We can't have a driver pretending to be George Clooney.


----------



## Actionjax (Oct 6, 2014)

chi1cabby said:


> View attachment 7042


Everyone is a security expert after the fact. Then again so could a great many other sites. But I find it funny how we all like to point fingers at Uber and claim that they are lying about a security breach. And then change course to say they were not breached but were not as sound as they should have been.

Again we went from stolen accounts from Uber. To Uber letting stolen accounts to be used running a few scripts that were stolen by doing brute force attacks on other web sites.

Anything to make headlines I guess.


----------



## ReviTULize (Sep 29, 2014)

The answer is so simple. Cancel the credit card. This is no different than your cc being stolen. Except that Uber is ignoring it.


----------



## arto71 (Sep 20, 2014)

chi1cabby said:


> *How Hackers Can Crack People's Uber Accounts to Sell on the Dark Web*
> *http://motherboard.vice.com/read/how-hackers-cracked-peoples-uber-accounts-to-sell-on-the-dark-web*


*Monrovia Woman Says She Was Billed for $400 in Fraudulent Uber Charges*
http://ktla.com/2015/05/09/monrovia-woman-says-she-was-billed-for-400-in-fraudulent-uber-charges/


----------



## arto71 (Sep 20, 2014)

*$1,300 Uber bill for trip she didn't take*
(KMSP) -

She hasn't been to New York City in years, but she was charged over $1,300 for several Uber rides in the Big Apple.

Mimi Daniel of New Brighton, Minn. was shocked when she saw a bill from the popular ride-share service Uber for nearly 115 miles of travel. It included a trip that took someone through Brooklyn and was nearly 32 miles, then a 14.5 mile nighttime trip through Manhattan. That was followed by an early morning Sunday drive through multiple boroughs which went on for 65 miles. All of this showed up on Mimi's app.

"It's disgusting, it's disturbing," Mimi said of the fraudulent fare. "It totaled $1,342."

Besides Mimi not being in the SUV for the tour of the 'City that Never Sleeps,' something else was suspicious. Every trip began and stopped at almost the exact same spot, and according to the app, all of the trips had the same driver, someone with the name "Jackqueline."

"There were three rides, but what it showed was they attempted six. But anytime they got a different driver than the one that they wanted, they would quickly cancel it and request again and get this particular driver," Daniels said.

To add insult to injury, the scammers added a picture of cash to the profile picture on Mimi's app, and changed the first name to Rich.

"So they're bragging that they're making money," she told Fox 9.

Mimi e-mailed Uber, and after multiple exchanges -- never over the phone -- Uber refunded the money, telling her, "While it looks like your account was impacted, our team has investigated and found no evidence of a system-wide breach at Uber."

Mimi still has concerns about the company.

"I used to be a loyal Uber fan. I would tell everyone about it. I just swore by it. Now, I don't know. I don't know who's driving me."

Mimi tells Fox 9 she is frustrated to still not have answers about how her account was breached. Mimi is also upset Uber never talked to her on phone, or told her they would look into how someone, who appears to be the same driver, ran up a bill for nearly an entire day of driving.

Asked whether she would use Uber again, Mimi answered, "had this situation been handled differently, I would have (used Uber again). Or maybe if they would have assured me this is what they're doing to look into it, and these are the measures they're going to take make sure it's not going to happen to other people or to reduce that type of thing, then I would have considered it."

Uber statement

"Maintaining the security of our systems is an ongoing priority at Uber and we continue to investigate this particular incident. We use the latest tech innovations to enhance security and are always adding new features. Riders and drivers should remember to use strong and unique usernames and passwords and avoid reusing the same credentials across multiple sites and services... Because of the transparency and traceability of the Uber app, instances of fraudulent activity can be quickly identified and refunded. If a rider is a victim of fraud, we encourage them to contact Uber's 24/7 support team as quickly as possible either in the app, or by replying to the email receipt."

The role and identity of this Uber driver is still unclear.


----------



## chi1cabby (May 28, 2014)

arto71 said:


> $1,300 Uber bill for trip she didn't take


http://www.myfoxtwincities.com/story/29059766/1300-uber-bill-for-trip-she-didnt-take

The driver is the one who bought the hacked Accs. & made these fraudulent charges! Three fraudulent trips, same driver, trips starting & ending at the same location & trips that went to other Drivers were cancelled.
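
The pattern named in the two posts above (every completed trip with the same driver, trips that start and end at nearly the same spot, requests matched to other drivers cancelled) can be checked mechanically. The following is an added example, not part of the thread and not Uber's fraud tooling: the record fields, thresholds, identifiers and coordinates are constructed, and only the three trip lengths (32, 14.5 and 65 miles) come from the quoted article.

```python
from collections import Counter, defaultdict
from math import asin, cos, radians, sin, sqrt

LOOP_RADIUS_KM = 0.5   # assumed: start and end this close count as "the same spot"
MIN_LOOP_MILES = 10.0  # assumed: ignore short errands that return home


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def review_accounts(requests):
    """Return {account: {"driver": id, "reasons": [...]}} for suspicious rider accounts."""
    by_account = defaultdict(list)
    for row in requests:
        by_account[row["account"]].append(row)

    findings = {}
    for account, rows in by_account.items():
        done = [r for r in rows if r["status"] == "completed"]
        if len(done) < 2:  # a single trip is not a pattern
            continue
        driver, count = Counter(r["driver"] for r in done).most_common(1)[0]
        reasons = []
        if count == len(done):
            reasons.append("single_driver")
        if all(r["miles"] >= MIN_LOOP_MILES
               and haversine_km(r["start"], r["end"]) <= LOOP_RADIUS_KM for r in done):
            reasons.append("round_trips")
        cancelled = [r for r in rows if r["status"] == "cancelled"]
        if cancelled and all(r["driver"] != driver for r in cancelled):
            reasons.append("cancelled_other_drivers")
        if len(reasons) >= 2:  # require corroboration before flagging anyone
            findings[account] = {"driver": driver, "reasons": reasons}
    return findings


# Constructed sample data (coordinates and identifiers are made up).
SPOT = (40.6782, -73.9442)
NEAR = (40.6790, -73.9450)  # roughly 110 m from SPOT
FAR = (40.7580, -73.9855)


def _req(account, driver, status, miles=0.0, start=SPOT, end=NEAR):
    return {"account": account, "driver": driver, "status": status,
            "miles": miles, "start": start, "end": end}


SAMPLE = [
    # rider-A: six requests, three cancelled, three long loops with one driver.
    _req("rider-A", "drv-2", "cancelled"),
    _req("rider-A", "drv-1", "completed", 32.0),
    _req("rider-A", "drv-3", "cancelled"),
    _req("rider-A", "drv-1", "completed", 14.5),
    _req("rider-A", "drv-4", "cancelled"),
    _req("rider-A", "drv-1", "completed", 65.0),
    # rider-B: ordinary use, one cancellation, different drivers, point-to-point.
    _req("rider-B", "drv-5", "completed", 3.0, SPOT, FAR),
    _req("rider-B", "drv-6", "completed", 4.2, FAR, SPOT),
    _req("rider-B", "drv-6", "cancelled"),
]

if __name__ == "__main__":
    for account, finding in review_accounts(SAMPLE).items():
        print(account, finding)
```
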


----------



## chi1cabby (May 28, 2014)

Usage of hacked Uber accounts is spreading. Uber now has a help page dedicated to it:

*I THINK MY ACCOUNT IS COMPROMISED*
*https://help.uber.com/h/cfd6874f-7d1d-4be1-b983-131ad3c4af57*


----------



## chi1cabby (May 28, 2014)

*Uber's Response to Hacked Accounts Is More Bad Security*
*LORENZO FRANCESCHI-BICCHIERAI*
http://motherboard.vice.com/read/ub...nts-is-more-bad-security?utm_source=mbtwitter


----------



## arto71 (Sep 20, 2014)

chi1cabby said:


> *Uber's Response to Hacked Accounts Is More Bad Security*
> *LORENZO FRANCESCHI-BICCHIERAI*
> http://motherboard.vice.com/read/ub...nts-is-more-bad-security?utm_source=mbtwitter


*FBI investigates as 'phantom' cab rides appear on hacked British Uber account*
*http://www.theguardian.com/technology/2015/may/23/uber-under-fire-fbi-probe*


----------



## arto71 (Sep 20, 2014)

chi1cabby said:


> *Uber's Response to Hacked Accounts Is More Bad Security*
> *LORENZO FRANCESCHI-BICCHIERAI*
> http://motherboard.vice.com/read/ub...nts-is-more-bad-security?utm_source=mbtwitter


TV presenter Anthea Turner, who tweeted to Uber: "Account has been hacked nothing to help me on website - this is ridiculous."

https://twitter.com/i/web/status/585500619080867840


----------



## chi1cabby (May 28, 2014)

*Uber Under FBI Investigation For Leaked Customer Account Information*
http://www.ibtimes.com/uber-under-f...tomer-account-information-1936092?rel=latest4


----------



## chi1cabby (May 28, 2014)

*FBI launch probe after British and US Uber users say phantom cab rides appear on their accounts*
http://www.dailymail.co.uk/news/art...s-say-phantom-cab-riders-appear-accounts.html

Hat tip to djino


----------



## chi1cabby (May 28, 2014)

*Uber Denies Existence of FBI Investigation Into Its Hacked Accounts*
*http://motherboard.vice.com/read/uber-denies-existence-of-fbi-investigation-into-its-hacked-accounts*


----------



## arto71 (Sep 20, 2014)

*How did my dad's Uber account get hacked?*

http://www.bbc.com/news/magazine-32900600


----------



## chi1cabby (May 28, 2014)

*Uber wants to ditch the email-and-password login - here's why*
*http://www.businessinsider.com/uber-testing-two-factor-authentication-after-account-lock-outs-2015-6*


----------



## chi1cabby (May 28, 2014)

*After Hacked Accounts, Uber Looks at New Security Measures*
*http://motherboard.vice.com/read/after-claims-of-hacked-accounts-uber-looks-at-new-security-measures*


----------



## chi1cabby (May 28, 2014)

*Price Crash: Hacked Uber Accounts, Now Just 40 Cents*
*http://motherboard.vice.com/read/ha...40-cents-on-the-dark-web?utm_source=mbtwitter*


----------



## GooberX (May 13, 2015)

This is not a hoax.

I was going home last week around 4 pm when I got a call.

I was tired so I called the customer to make sure they needed my car, and to probe destination.

Customer: "I'm driving home from work, I did not order a car, and no else has my account info"

Me: "I think you need to call Uber, I'll cancel the ride per your request."

There are definitely stolen accounts out there.


----------



## arto71 (Sep 20, 2014)

*Uber is going on a security hiring binge*
*http://fortune.com/2015/08/17/uber-security-hiring-binge/*


----------



## chi1cabby (May 28, 2014)

*Hacked Uber Accounts Are Now Being Used in China*
*http://motherboard.vice.com/read/hacked-uber-accounts-are-now-being-used-in-china*


----------



## chi1cabby (May 28, 2014)

*Chicago Woman Says She Was Billed for Mexico Uber Ride She Didn't Take*
*http://www.nbcchicago.com/news/local/Mexico-Uber-Ride-369212111.html*


----------

