Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Uber customers suspect their accounts have been hacked

Many Uber customers are reporting unauthorized rides paid through their accounts, the company excludes a data breach, but suggested a password reset. In March, media agencies reported that the popular Uber service was hacked by cyber criminals, security experts discovered al least two different vendors offering stolen Uber customer logins in a black market on […]

uber data breach

Many Uber customers are reporting unauthorized rides paid through their accounts, the company excludes a data breach, but suggested a password reset.

In March, media agencies reported that the popular Uber service was hacked by cyber criminals, security experts discovered al least two different vendors offering stolen Uber customer logins in a black market on the Dark Web.

uber login

Now, something strange is happening to some American Uber customers that have been targeted by hackers. According to the claims of some Uber clients someone had access to their accounts and used them. The customers did the nasty discovery when received notification of unauthorized rides.

“It was crazy,” Stephanie Crisco told the MotherBoard. “I used Uber for the first time Thursday night. On Friday morning I received a notification on my phone that my driver was en route. I didn’t request a driver. I clicked on the notification and it said that the ride was cancelled but the pickup was in London.”

The girl also posted online an image related to the Twitter timeline that includes a number of canceled Uber rides that was apparently requested by her account, anyway she confirmed that the payments were made through her bank account. Crisco confirmed that Uber has refunded her for three rides, but to avoid further problems she removed her bank card since discovering the fraudulent payments.

Stephanie Crisco uber account hacked

There are various plausible hypothesis behind this incident, for example, it is possible that some other services were compromised by hackers and that they used shared the same credential with the Uber platform. This could be for example the case of the user Crisco that confirmed that she used the same credentials among various web services, including Uber. However, she wasn’t alone in reporting Uber account problems. Many other users have posted on Twitter, saying that their Uber accounts have been hijacked by unknown individuals who took rides using their accounts.

Unfortunately, Crisco wasn’t the unique Uber customer to have a similar problem, other users have posted on Twitter claiming their Uber accounts have been hijacked, also in these cases the hackers paid rides using their accounts.

Uber confirmed to Motherboard that its experts haven’t found any evidence of a data breach.

“We do not have any additional information to share beyond the statement we provided before: We investigated and found no evidence of a breach,” an Uber spokesperson said. “Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report. This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services.”

Waiting for more details of ongoing investigation, I strongly suggest Uber user to change their password, as also suggested by the company.

Pierluigi Paganini

(Security Affairs – Uber, hacking)