Your Uber account could be for sale, and for as little as $5 someone could charge you for their ride. The I-Team looked at stolen Uber accounts on the dark web with the help of a professional hacker. They were easy to find, and he also discovered another twist when it comes to these hacked Uber identities.
The dark web is the Amazon of the underworld; you might be surprised by what's for sale. "Anything you want from drugs to weapons to hacked accounts," Michael Vieau pointed out. He's a Cyber Security Consultant with Brookfield-base Sikich.
To access this underground market you have to jump through extra hoops and use a specific browser. There's a lot of activity on the dark web, and a lot of Uber accounts for sale. We asked Vieau to find them for us. "For just under $5 U.S. I can buy someone's hacked Uber account." Vieau easily pulled up a long list, and the actual owners of these accounts have no idea they've been hacked.
Most of the time riders find out their account was sold when they see a charge for a ride, they didn't take. A hashtag search on Twitter pulled up stories of hacked accounts. One woman tweeted she was in bed in Minnesota when someone used her Uber account in Shanghai.
Uber refunds riders if there's a fraudulent trip and, according to a spokesperson, compromised accounts are a fraction of reports made to the company.
While he was looking for stolen Uber accounts Vieau also ran across another crime. "What they're selling me is information and how to do this scam," he showed us. Vieau is talking about criminals setting up "fake" driver accounts, and then charging the hacked account they bought for rides that never happened. "This may only work for a short period of time until Uber catches on, but for a small investment of five or six U.S. dollars I can now make $500."
The best way to protect your Uber account is to set up a "my ride is complete" notification so push alerts are sent to your phone. And always monitor your Uber activity to make sure no one's taking a free ride.
According to Uber, the company is always working to refine its security systems. If your account is hacked all criminals can do is take a free ride. Uber encrypts and hides credit card information so it can't be stolen.
People should also be diligent about their passwords. If you use the same one on everything, and someone gets that password, then they have access to all your accounts. So use different passwords and change them often.
Vieau also recommends using a password manager. Most programs are free.