Chinese fraudsters hitch a ride on Uber accounts
Active accounts worth '40 cents' each
Uber accounts of US-based customers are apparently being fraudulently abused in China.
Uber reportedly told SC Magazine that weak passwords or password reuse were to blame for the problem, rather than an attack on its systems directly. The firm has yet to respond to El Reg's request to explain how it reached this conclusion or how it intends to treat affected customers.
Anecdotal evidence suggests that the latest problem with compromised Uber accounts may be more than a flash in the pan. Online security site Hack Read reports that in one recent case 500,000 pwned Uber accounts were offered for sale through dark web markets for £10 each.
That was then and this is now. Vice reports that active Uber accounts now fetch as little as 40 cents a pop.
Uber launched in China in July 2014, where it operates in four of the country's largest cities. The introduction of the service in the country has been far from smooth.
Recently the taxi-hailing app has reportedly closed a large number of driver accounts in Beijing and Chengdu because of fraud perpetrated by some drivers, according to Chinese media reports. The scam here however relies on taking advantage of subsidies that are in some cases three times more than average fare charges.
The same person of group would both offer and accept a ride for a fictitious before splitting the proceeds from subsides which are much more than journey costs. No hacking of accounts is involved. Uber admits scams along these lines may be taking place but claims the estimated rates of around three per cent it is seeing are lower than those of competitors. This line is unlikely to appease drivers in Chengdu who have gone to the police to complain Uber is trying to walk away from debts it rightfully owes them. ®
Sponsored: Becoming a Pragmatic Security Leader