Uber accounts continue to be hijacked, this time by Chinese fraudsters. According to Motherboard, a number of users complained recently on Twitter that their accounts have been used for rides in China.
Uber was officially launched in China in July 2014, where it operates in four of the nation’s largest cities.
This situation is identical to the one from earlier this year, and Uber is once again saying that the accounts aren’t getting hijacked because they suffered a data breach.
At the time, Motherboard reported that they discovered Active Uber accounts being sold on a dark web marketplace for as little as $1 each. Are Chinese fraudsters taking advantage of this fact?
The company says that users are likely to blame for the hijackings, as they have probably used the same username/password credentials for other online services, and once those services got compromised and the login credentials stolen, cyber crooks tried to used them on other popular sites and services, including Uber.
Uber spokeswoman Kayla Whaling told SC Magazine that they are trying to unearth these password collections sold online, in order to go through them, see which accounts can be accessed with them, and then force a password reset.
She repeated Uber’s earlier advice to users: choose a strong, unique password, and don’t reuse it across multiple sites and services.
A few months ago Uber announced that it is working on security features that will make account hijacking more difficult but there is still no word on when these features will be implemented.