Thousands of Uber users account credentials are up for sale online.
At least two separate vendors on dark web marketplace AlphaBay are selling active Uber account databases. Once purchased, these accounts let buyers order up rides using whatever payment information is on file. Those accounts can also show trip history, email addresses, phone numbers and location information for people’s home and work addresses.
The sellers are offering up the accounts for $1 and $5 apiece. One of the two sellers Motherboard talked to says he or she has already sold more than 100 accounts to other buyers.
“We investigated and found no evidence of a breach,” an Uber spokesperson told The Verge. “Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report. This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services.”
FULL STORY
