When I woke up to Russian text on my iPhone’s lock screen I knew something wasn’t right.
To sum it up, someone managed to hijack my Uber account and attempted to order several rides on two of my credit cards linked to my profile.
These attempts occurred in Russia while I was fast asleep in the United States.
My banks were quick to stop the fraud as I waited on Uber to reset my account.
Here’s what I learned:
This is common
A search for the terms “Uber” and “hacked” on Twitter will show users are regularly reporting their accounts have been hijacked in Russia.
A podcast known as Reply All found this has been happening and explores how hackers may get access to profiles.
So….how does it happen?
Uber has reportedly said it’s not the target of the hacks but that hackers are obtaining passwords from other social media accounts or from companies that have been hacked.
If you’re like me, you may have made the mistake of using the same password for several sites online.
(Honestly, if I had a different password for everything I log into, I’d probably have about 20-30 different passwords. Who wants to do that?)
Anyways, hackers may get your username and password combo from large databases that have been hacked (LinkedIn, Adobe for example) and apply that to Uber to see if it works.
The hackers can use special software to attempt “credential stuffing” according to one of the experts on the Reply All podcast.
What to do
If you’re waiting for Uber to respond, try tweeting at their @Uber_support account. Be courteous and polite. Eventually I got a response from this account and then about two hours later I got an email with a link to reset my Uber profile.
I’m going to be changing all of my passwords on every account I have using a password manager. These are apps that you can download that will generate passwords and then store them in a digital place for you to access when you need to log in.
How long does it take to resolve?
It took about 12 hours for Uber to respond and then resolve my account. Other users have reported on Twitter it’s taken Uber several days to make the fix. Again, things may work faster if you approach Uber through Twitter.
One thought on “What happens when your Uber account is hijacked ”
As soon as I install any App, the first thing I do is change the default permissions given to the app.
Deny access to send/receive messages, Make phone calls, read messages, read MMS, read contacts, access camera.