Your Uber account could end up in the wrong hands

Posted: 7:30 PM, Sep 20, 2017
Updated: 2017-09-21 03:37:20Z

KANSAS CITY, Mo. -- Your personal information is at risk of being bought and sold for as little as $5. And by the time you notice, you could be scammed out of hundreds.

Uber is easy to use: download the app, put in your credit card information, and you’re set.

But a 41 Action News investigation found it’s just as simple for your Uber account to end up in the wrong hands.

Michael Vieau is a professional hacker. He managed to hop on the dark web and show us an underground market where almost everything is bought, sold, and traded. 

“Basically, it’s the Amazon of the underworld,” Vieau said. “You can’t get there by just opening up Internet Explorer and typing bad site dot com. You have to go through some extra hoops. But once you get there, it’s kind of eye-opening to see what’s all on the dark web.”

With Vieau’s help, we found several Uber accounts for sale.  

“So, we just search for Uber and we find multiple, different accounts. So, for just under $5, I can buy someone’s hacked Uber account,” Vieau said. 

Most of the time Uber users don’t find out their account was hacked until they’re charged for a ride they didn't take, costing users anywhere from a few dollars to a few hundred.  

“But for a small investment of five or six U.S. dollars I can make $500,” Vieau said.

Once your account is compromised, hackers are also setting up fake driver accounts and charging the hacked accounts for rides that never happened.  

Hyunjin Seo teaches Cyber Security at the University of Kansas. She said the best way to fight back is to be vigilant; check your accounts often. Seo said if your account is compromised, cancel it and start a new one.  

“There’s no perfect way of dealing with this problem,” Seo said. “The way your information is generally shared in those dark web spaces is because the company or class you belong to was attacked. Take Equifax for example.”  

Cyber experts say the one saving grace is these hacks only work for a short period until Uber catches on. But once the damage is done, it’s difficult to find and prosecute those responsible.  

“Even if you’re able to access the site, you don’t know who hosts the site and where it’s hosted,” Seo told 41 Action News.  

Uber will refund riders if there’s a fraudulent trip. If the account is hacked, Uber typically encrypts and hides credit card information so that it won’t be stolen.  

Another way to stay on top of your account is to set up a “My Ride Is Complete” notification, so that push alerts are sent to your phone.