Risk Assessments/Management, Data Security, Breach, Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Governance, Risk and Compliance, Compliance Management, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Odd ‘phantom trips’ taken a year after Uber log-in credentials surface on dark web

Nearly a year after Uber log-in credentials surfaced on the dark web, scammers has been taking odd “phantom trips' using stolen credentials.

One victim who was in Australia noticed charges for a series of unusual Uber-related trips in the New York area, including a 95-minute, 24-mile circuit of Manhattan which cost them $198 and ended almost exactly where it started, The Guardian reported on April 22.

Another victim was reportedly in London when charges for several trips in Mexico, including trips to and from a destination that was only 790 meters from the original starting point, were discovered.

Uber suggested the compromises resulted from people using the same credentials across different sites.  

“While there has been no breach of Uber's systems, we would like to remind our users to always use unique passwords for different online accounts,” Uber said in a statement sent to the Guardian.

In both, cases Uber refunded users for the fraudulent trips.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.