One dollar may not get you much these days, but it could buy you a stolen password to an Uber account and free car rides around town.
Vendors on dark net sites such as AlphaBay, which often sell illegal products like drugs and counterfeit goods, are offering active Uber username and login details for $1, according to Motherboard. Other information that comes with the purchase includes partial credit card data and telephone numbers.
Motherboard said it was able to verify that some of the accounts were still in use by Uber members and that, in one case, a previously hacked Amazon password was likely used to get into an Uber account because the passwords were the same. Although one vendor named Courvoisier claimed to have "thousands" of hacked accounts for sale, Uber told on Sunday that a hack hadn't taken place on its end. The company said it investigated the issue, and "found no evidence of a breach."
"Attempting to fraudulently access or sell accounts is illegal, and we notified the authorities about this report," Uber continued. "This is a good opportunity to remind people to use strong and unique usernames and passwords, and to avoid reusing the same credentials across multiple sites and security services." This reinforces the fact that hackers likely took login credentials from one stolen account (perhaps stemming from a previous hack), and were then able to log into an Uber user's account using the same password.
In May 2014, the company suffered a security breach that affected thousands of Uber's current and former drivers. Uber told Mashable that the previous hack is in no way connected to the information allegedly available online. If you have an Uber account, make sure you update your password as soon as possible. In November 2014, Uber employees threatened to track journalist by the logs in the apps.