Friday, November 24, 2017

Not The First Time Uber's Been Hacked...And Not The First Time They've Covered It Up.

A catalogue of errant issues, hushed up and swept under the carpet.

So, Uber say that the 57 million passenger details have been bought back and that their Credit Card account details are safe. They also said that no ones been charged for journeys they haven't booked.....who remembers this from 2015 !

Minicab app Uber denies it is being hacked despite avalanche of tweets from customers complaining of thousands in losses - and even Anthea Turner is getting cross...

Concerned: Anthea Turner took to Twitter to contact Uber about her apparent account breach
Uber users are being told to check their usernames and passwords after a growing number of people have been charged for journeys they did not make.

Anthea Turner was the latest to have her account compromised, leaving her with a bill for journeys she did not book or take.

The TV presenter tweeted to Uber 'account has been hacked nothing to help me on website – this is ridiculous'.

Uber is a mobile app that connects minicab ride requests with drivers. Users can input their credit card details on the app so that they do not have to have cash with them to pay.   

But the Uber support Twitter account is awash with users complaining that they have had cash taken from their accounts for journeys that they did not book or make. Some users have reportedly had hundreds or even thousands of pounds taken from their accounts.

Uber still denies that it has been breached - but has promised to reimburse all customers who have been charged for journeys that they did not book or take. 

Elaine Johnson tweeted: 'Help – my account has been hacked and I don't know who to contact to report this to? Someone's spending my cash.'

Gemma Hole said: 'My account has been hacked, I've apparently just ordered 13 cabs to Clapton and counting and I'm getting charged.'

The complaints on Twitter are coming from users across the globe including the States and France.

Record producer Mick Crossley told The Evening Standard he had been hit with a bill for £3,000 for 142 journeys.  He said he did not receive notification that the journeys had been booked because someone had changed his contact email address on his account as well.

Just last night Twitter user Jade Samantha posted a screenshot of Uber journeys taken on her account totalling close to £100, which she claimed she never took. Some Twitter users are responding to account hacking postings with the hashtag #ubered.

Amanda O'Shaughnessy told This is Money she found out that someone was using her account when she started to receive invoices for journeys she had not made. 'I've lost complete trust in the service and it's for these reasons that I won't use them again, despite the convenience,' she said.  

Some customers have also vented their fury at their inability to get hold of someone at Uber to report the situation to.

Worried: Anthea Turner reached out to Uber support on Twitter after she was charged for journeys she did not make

The website does not contain a telephone number, only an email function for enquiries.

Anthea Turner was one user who appears to have struggled to get through to the minicab sharing company.

She tweeted that she couldn't even change her account details because her login details had been changed by someone. Then after appearing to have tried to get a phone number for them, tweeted Uber saying 'your email is saying not valid and the number from 118 500 is not ringing through. Do you exist?'

A spokesperson for Uber categorically denied that there had been a breach at Uber, confirming to This is Money that they were 100 per cent sure that their system had not been compromised.

Charged: Users have taken to Twitter to share concerns about their accounts being hacked

'We take any issue of this nature very seriously and after investigating have found no evidence of a breach at Uber,' an Uber spokesperson said. 'Attempting to fraudulently access and use Uber accounts is illegal and we notify the authorities about such activity.'

However they admitted that there have been a number of users reporting that their accounts had been used by other people to book journeys.

Popular: Uber has dramatically reduced the cost of cabs - but a small number of users are experiencing problems
They said they were still investigating the cause, but that the most likely explanation is that there had been a data breach on another e-commerce website. 

Since people often use the same usernames and passwords across several online accounts, fraudsters have attempted to use the data hacked from another site to access Uber accounts.

It said the issue is being taken very seriously and anyone left out of pocket will be reimbursed.

A spokesperson added: 'We would like to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services. However, anyone who is charged for a trip they didn't book or take would get a refund.'

Full credit card details are not stored on an Uber account account, but a hacker can see the last four digits of a card number, as well as their full email address and phone number.

From this a person could commit wider identity fraud, or sign into other accounts if the username and password is copied across other sites, apps and accounts, if this isn't the method by which they breached the Uber account in the first place.

Despite the frustrations of some customers, Uber is not sharing a phone number that people can call should they think they have been affected.

Instead they can email and should receive a response within an hour. A spokesperson for Uber said this method was 'more efficient' – particularly since Uber is a global company - and the email account is monitored 24 hours a day.

Dismayed: Increasing numbers of Twitter users have taken to the site to share their experience of Uber journeys booked on their account by someone else

The reported account breaches come after reports last month that hackers had allegedly obtained thousands of login details for Uber accounts worldwide – and were selling them for as little as $1.

Two sellers – known only as Courvoisier and ThinkingForward – were reportedly using online marketplaces on the dark web such as AlphaBay to offer this personal information.

Uber reiterated at the time that it had found 'no evidence' of a security breach in its systems.

Web blog Motherboard revealed that active Uber accounts are for sale on the dark web. 

Since then, a wave of customers have complained of fraudulent trips being charged to their credit card account.

In an attempt to discover the root of the problem, Motherboard has received a guide on how to use these accounts.

The step by step tutorial is sold by Courvoisier, one of the vendors who originally advertised the hacked Uber accounts.


So, what type of information does Uber store about their customers ???

Remember this scandal from earlier this year that seems to have been swept under the carpet by TfL!

In a disturbing turn of events, Uber has been tracking oblivious iPhone users even after they removed the application from their phone. Two years ago, the situation escalated to such an extent that CEO Travis Kalanick earned a slap on the wrist from Apple mogul Tim Cook.

The New York Times reported that Kalanick pulled a "fast one" on Apple back in 2015 when the app continued to identify and tag iPhone users after they had deleted it from their phones. In doing so, Kalanick's company violated Apple's privacy guidelines and was nearly booted off the App Store.

The practice is called 'fingerprinting,' which Uber used on iPhones initially as a fraud-prevention method. It is a piece of code that identifies a specific iPhone, locates it, and remembers it. Uber hoodwinked Apple engineers by geofencing Apple's Cupertino headquarters to hide this code, but Cook & Co. soon discovered the deception. The whole debacle resulted in an awkward face-to-face meeting for Kalanick at Apple headquarters back in 2015 where Uber was forced to comply with Apple's regulations.


Anonymous said...

See Anthea Turner supports a toxic non tax paying overseas registered corp instead of the hard working cab drivers that play by the rules pay tax and are criminally checked.
Thanks for your support I hope the taxi trade can do something for you in the future.
That's if you haven't had all your money stolen I know ow important that is to someone like you who has to watch every penny and save two quid by using uber.
Once again thanks for supporting your own ..

Anonymous said...

I find it really funny that Uber are complaining that hacking is illegal and they are going to report it to the authorities. Such hypocrisy. Ha ha. What comes around goes around. Also I didn't realise Anthea Turner was a unpatriotic skinflint that supports dodgy tax avoiding companies to save a few pennies.

Anonymous said...

Spot the BBC mistake. Again.

Rob said...

I had such sympathy for Anthea once . She had a ghastly experience with that toothy grinning burke Bovey. The pair of them have burnt through millions of investors, and I presume their own money. She had to sell a 5 million pound estate in Surrey. Then the ski lodge in France had to be off loaded to pay debts. Apparently a media company ,Yumi Media,she financed looked like going tits up with debts in the millions. It is reported she shops at Aldi. Now the greatest ignomy of all, the final step into the abyss of dispair;an Uber account holder. The nadir has truly been reached. Yet isn't that a Porsche Macan she is pictured next to? Probably a pcp financed job. Apparently she resides in a 1.2 million pound flat in Richmond. Come on now, let's have a little understanding. The girl never put her hand in her purse when she was being feted over as a tv 'personality'. The trauma of paying for a cab fare obviously has weighed heavily on those delicate shoulders. Let's hope Uber's customer relations dept is on the case and shows the same alacrity the gimps at pelastra show this trade when dealing with an errant driver who can't get a signal on a credit card device. It puzzles me after 30 years in this trade how you can take a charming couple home to somewhere not at all showy or pricey, in fact somewhere an estate agent might think 'down at heel', and yet their generosity is overwhelming and they are genuinely grateful for your service. Then we come to this example of a princess so long in a gilded cage who doesn't think twice about giving over their cc details in order to ' benefit' from a nauseating, degrading ,cynical exploitative company's dubious practices. Perhaps Bovey and Turner were made for each other after all.