Uber is attempting to squash the use of hacked customer accounts that have most likely been sold on the dark web and are currently being used in China.
Several Uber customers tweeted that their Uber app notified them that they had recently taken a Uber ride in China, when in fact they were nowhere near that country, according to Motherboard.
Uber spokeswoman Kayla Whaling told SCMagazine.com that the company is focusing its effort on finding these “password collections” online, comparing them against the company's account list and resetting those that might be at risk. Uber has also increased the amount of engineering muscle being used to boost its security, she said.
The company believes the accounts were hacked because some of its customers used the same password for Uber and other online services. When the non-Uber credentials were stolen and sold on the dark web enterprising hackers merely try to use them to access an Uber account.
“We also encourage all of our users to choose strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services,” Uber said to SCMagazine.com in an email Thursday.
