A CURRENT AFFAIR 7:10pm January 11, 2017
A Current Affair By A Current Affair
A warning for anyone who uses Uber after customers’ accounts were hacked by fraudsters who took them to the cleaners.
Australian Uber users have been warned to remain vigilant about their account information after one user was charged hundreds of dollars in trips while she was asleep.
Melbourne Uber user Sodany Quinn’s credit card was getting a good workout by the ride-sharing service, in the form of $600 worth of trips charged in British pounds and Euros.
“Uber was meant to be a convenience to me and my lifestyle, but it’s turned out to be a real headache for me,” Ms Quinn told A Current Affair.
“All this money was being taken out, I wasn’t getting any answers.”
Ms Quinn said Uber was extremely unhelpful when she tried to explain the 21 transactions that were not hers.
She was forced to cancel her credit card and close her Uber account.
“I would be advising people to check their accounts regularly,” she said.
After A Current Affair contacted Uber, Ms Quinn received a full refund.
Examples of Ms Quinn’s fraudulent charges (Source: A Current Affair)
Kirsten Swann is another Uber user who became victim to mystery charges.
In her case it was approximately $300 in Uber Eats deliveries.
“I went to bed that night, woke up the next morning to a missed call from an international number. Also, a voicemail, which I listened to and a gentleman actually was saying, ‘Why did you order Indian food? You’re not picking up your phone.’ So straight away I thought, ‘Oh, it’s Uber Eats again’,” Ms Swann said.
She was charged about $140 through her PayPal account.
“I don’t know how my account was compromised but I’m sure this happens all the time,” Ms Swann said.
Unlike Ms Quinn, Ms Swann was easily able to get her money back.
“I just had to provide a couple of proof of my identity and also the fraudulent transactions and straight away, they ruled in my favour through PayPal and also through Uber,” she said.
Kirsten Swann was billed approximately $300 for Uber Eats that were ordered overseas (Source: A Current Affair)
Cyber security expert Simon Smith found several instances of Uber details being found on the dark web, an encrypted part of the world wide web that is often used for all sorts of illegal activity.
“On the dark web, I was able to find Uber accounts especially, at a premium price of four dollars,” Mr Smith said.
“It’s a matter of account details, because those account details unlock accounts of all the others – like Google Wallet and PayPal and credit card details. It’s almost a trusted key lock that Uber have and once you’ve got into Uber, you’ve got into everything else.”
Handle My Complaint CEO Jo Ucakalo believes Uber’s response to both women was inadequate.
“Uber has very good fraud protection. You can only use the system one trip at any one time. This protects against fraud and the fact that they weren’t able to explain to customers where exactly the system has failed them, meaning that fraudulent transactions have occurred, that’s of concern,” she said.
In a statement to A Current Affair, Uber said it found no evidence to suggest the accounts had been compromised.
“Even if someone found a way to access another person’s Uber account, they wouldn’t have access to credit card details. All they can see in the app is the last four digits of the credit card,” a spokesperson said.
“Uber does not store credit card numbers, which means they can’t be stolen from us.
“In cases where credit cards have been used fraudulently, we work closely with financial institutions to refund charges as needed and will ban fraudulent accounts.
“We treat the security of our customers’ data seriously and will act quickly when notified of fraudulent activity.”