9:16 AM EDT 3/28/2015
Active Uber accounts are for sale on a dark web marketplace for as little as $1 each, with one seller claiming he has "thousands" of user logins for sale, according to tech news site Motherboard.
Either Uber, the popular mobile-app-based transportation network, may have been hacked or it may have goofed again on its internal security protocols. Early last month, Uber has left a part of its internal lost-and-found records on a publicly accessible site on the open Internet. In another incident, it apparently left the key to a database containing the personal details of 50,000 of its drivers on a publicly accessible GitHub page.
When Motherboard asked Courvoisier, one of the sellers on the dark web marketplace, where the accounts he was selling came from, he reportedly replied: "Hacked accounts buddy. I have thousands :)" Motherboard received a sample of the usernames and passwords available and verified that at least some of the accounts were active by contacting those users. The data reportedly includes names, usernames, passwords, partial credit card data, and telephone numbers for Uber customers.
Contacted about the findings, Uber in a statement told Motherboard: "We are looking into this and do not have any information to share at this time. We use state of the art technology to prevent, detect, and investigate fraud. It's important to note that attempting this type of fraud is illegal, and we take appropriate action when we confirm fraud, including notifying the proper authorities."
Following up on the Motherboard report, The Verge was told by the company: "We investigated and found no evidence of a breach. Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report. This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services."
© 2018 Celebeat.com All rights reserved. Do not reproduce without permission.