The US website Motherboard reported two months ago that "thousands" of Uber account details were available to buy for as little as $1 each on the anonymous "dark web".
From an article at motherboard.vice.com:
A username and password is all you need to access a user’s trip history, which may include personal details such as a home address. While full credit card information is not exposed, the last four digits and expiration date of the user’s card are viewable in a user’s account.
Over on AlphaBay market, a recently launched dark web site, vendor Courvoisier has a listing for 'x1 UBER ACCOUNT - WORLDWIDE TAXI!’ For the meager sum of $1, anyone can anonymously purchase an Uber username and password.
Another vendor, ThinkingForward, has a similar offer, but for $5. “I will guarantee that they are valid and live ONLY. Discounts on bulk purchases,” ThinkingForward writes on his product listing.
Further information, including a couple of first-person accounts, are in an article at the BBC.
I know that Uber is not the only service suffering from data breaches, but given that Uber has thus far denied any breach or compromised accounts, this is yet another example of what I see as their questionable business practices.
(Score: 2) by tynin on Saturday May 30 2015, @04:23PM
Quite often, one service / website will be compromised, and the username / email / password combo will become know. These hackers then go on to try using the same username / password to get into other services, Uber will be one of them. I know for certain many people use the same user / pass all over the place and don't want to be inconvenienced to change it. So this isn't exactly a clear example of Uber doing anything wrong.