Uber says that it has found no evidence of a security breach following reports that user data has popped up for sale on dark web sites.
Motherboard reports that thousands of active Uber accounts are currently for sale on sites like AlphaBay market – some for as cheap as $1 and up for $5. Of course, having one’s Uber login credentials would give you access to their email address, phone number, home address, and travel history.
Uber accounts also show partial credit card numbers. There’s also the possibility that people share their Uber login/password with other services.
From Motherboard:
Motherboard received a sample of names and passwords available and verified that at least some of the accounts were active by contacting those users. The data includes names, usernames, passwords, partial credit card data, and telephone numbers for Uber customers.
Despite the report, Uber is claiming an investigation has yielded no evidence of any sort of security breach.
“We investigated and found no evidence of a breach. Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report. This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services,” said the company in a statement.
This isn’t the first time Uber has been involved in a possible hack. The company admitted that up to 50,000 users may have been affected by a breach back in May. This also isn’t the first time Uber’s been under fire for possibly employing lax security practices.
Uber recently reiterated its mission to make the service safer.