Image

Image

“Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report.”An email to an affected customer from Uber reads: “We believe that your email account may have been hacked as access was gained to your account by sending a password reset link to your email.” The user’s password is changed – and included in plain text – but as the UberSupport representative says:
“We are continuing to work on additional security measures to further reduce the likelihood of illegitimate account access like this…”
Image

“In many respects, this trend reveals the number of breaches that are occurring that go unreported or undetected, and not just with service providers themselves but also when data sets are shared with business partners, or when the data is compromised between device and server.”Westin said the evident value in this data is likely making cyber criminals and syndicates work around the clock to identify weaknesses in email, social media, loyalty programs and other sources. “Many times these logins and passwords are shared across multiple systems – hackers are well aware of this and will test what other systems they can access with a compromised data set,” he added. Westin suggests this may be the case with Uber, where the data may have been compromised from another data set. As long as the logins are shared, fraudsters are able to access a higher value target using the same credentials.