Is YOUR Uber account at risk? Thousands of details sold on dark web


comments

Hackers are said to have obtained thousands of login details for Uber accounts worldwide - and are selling them for as little as $1. 

Two sellers - known only as Courvoisier and ThinkingForward - are using online marketplaces on the dark web such as AlphaBay to offer this personal information. 

And despite claiming these criminals claiming they got the details from hacked accounts, Uber said it has found 'no evidence' of a security breach in its systems.

Hackers are said to have obtained thousands of login details for Uber accounts worldwide - and are selling them for as little as $1 on the dark web. Two sellers - known only as Courvoisier and ThinkingForward - are using online marketplaces such as AlphaBay to offer this personal information 

Hackers are said to have obtained thousands of login details for Uber accounts worldwide - and are selling them for as little as $1 on the dark web. Two sellers - known only as Courvoisier and ThinkingForward - are using online marketplaces such as AlphaBay to offer this personal information 

The compromised accounts were discovered by Motherboard's Joseph Cox who was sent a sample list of accounts. 

He confirmed that the details being sold were both valid and linked to live accounts. 

Once a hacker has access to a person's Uber username and password they can book taxis from the firm's website and see their trip history.

This could include their home or work address, for example, or a person's 'Favourite places.'

WHAT IS THE DARK NET? 

The dark net is a subsection of the deep web - the part of the internet that does not show up in searches or on social media.

Most of the information on the web is far down on dynamically generated sites, unable to be found or seen by traditional search engines.  

The dark net is used as a way of sharing information and trading goods, but the anonymous and encrypted nature of it has attracted large amounts of illegal activity.

The Silk Road website, and its successor that were recently shut down, was used to sell drugs in exchange for Bitcoins.

Other dark net sites let users share pornographic photographs, hacked information and credit card numbers.

The Silk Road used an underground computer network known as the The Onion Router (TOR), which is a matrix of encrypted websites and servers that disguise the identity of users.

It uses numerous layers of security and encryption, hiding the IP address and the activity of the user.  

Full credit card details are not stored on the account, but a hacker can see the last four digits of a card number, as well as their full email address and phone number.

From this a person could commit wider identity fraud, or sign into other accounts if the username and password is copied across other sites, apps and accounts. 

Courvoisier told Mr Cox they have 'thousands' of login details obtained from 'hacked accounts' and sells them for $1 each.

ThinkingForward sells them for $5 and gives a discount on bulk purchases.

These are said to be just two examples of 'dozens' of listings on the dark net.

The dark net is a subsection of the deep web - the part of the internet that does not show up in searches or on social media.

Most of the information on the web is far down on dynamically generated sites, unable to be found or seen by traditional search engines. 

The dark net is used as a way of sharing information and trading goods, but the anonymous and encrypted nature of it has attracted large amounts of illegal activity. 

In September Uber said one of its databases had 'potentially been accessed by a third party,' but said only driver's names and licence plates were exposed.

They said it was a 'one-time unathorised' access and only impacted 50,000 employees.

In September Uber said one of its databases had 'potentially been accessed by a third party,' but said only driver's names and licence plates were exposed. In response to the Motherboard report, Uber said it has investigated and found no evidence of a breach, but advised users to make their logins 'strong and unique

In September Uber said one of its databases had 'potentially been accessed by a third party,' but said only driver's names and licence plates were exposed. In response to the Motherboard report, Uber said it has investigated and found no evidence of a breach, but advised users to make their logins 'strong and unique

In response to the Motherboard report, Uber said in a statement: 'We investigated and found no evidence of a breach. 

'Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report.'

It has advised users to make sure their usernames and passwords are 'unique and strong' and that they aren't used on other sites.



IFTTT

Put the internet to work for you.

Delete or edit this Recipe

0 comments:

Post a Comment