Published on August 2nd, 2019 📆 | 3844 Views ⚑0
Hacked Uber account charges Tauranga woman for rides in Poland
A Tauranga woman who was robbed of $45 after her Uber account was hacked and used by riders in Poland, says she will never use the taxi app again.
On Sunday night Angela Brooking was charged for 10 Uber rides and driver tips in Warsaw, despite her phone being 17,500 kilometres away.
“I had only used my Uber account once, a month ago for a business trip, now I think I’m going to be a one time Uber user because I’ve lost confidence in the app,” Brooking said.
She was also locked out of both her Uber and email account because her passwords were reset.
* Kiwis hit by Uber hack, no sign yet the data’s been used
* Elderly Kiwis conned out of hundreds of thousands
* Being far away means nothing to scammers and hackers
“The first thing I did was transfer all the money from that account to my savings,” she said.
Brooking’s account was first accessed from Egypt at around 5.45pm on Sunday.
She used Uber’s two-step verification process to secure her account, but was too late as the hacker had already accessed her account. Brooking was woken in the middle of the night to more notifications of transactions being made using her account.
“I stayed up pretty much all night watching them take money out of my bank account and I couldn’t stop it because I was locked out.”
Brooking said she did not notify her bank till the morning. The bank froze her account and credit card.
In the meantime Uber deactivated her account and refunded the $45 but Brooking said this experience had put her off using the app again.
“It’s a big wake up call. You want to take advantage of all these new services in this day and age but it puts you off, like even with online shopping.”
Brooking said she was disappointed the app’s software was not more secure.
Cyber security firm Aura Information Security general manager Peter Bailey said international cyber criminals took advantage of New Zealanders’ false sense of security online.
“We live in a pretty secure country so we do see hackers taking advantage of that. We’re not very good at keeping our credentials safe,” Bailey said.
Bailey suggests using strong passwords and changing them for every account.
According to Cert NZ report last month almost 1000 New Zealanders reported hacking issues in the last quarter.
Bailey said a method called credential stuffing had become increasingly popular among cyber criminals.
“A lot of people use the same password across various accounts so cyber criminals will gather usernames and passwords by hacking into databases and post them on the dark web. Credential stuffing is an automated system that basically fires out passwords against usernames to see if they match.”
An Uber spokesman said apart from using strong passwords, it was important for people to enable two-step verification as soon as they set up an account to reduce the chances of a hack.
“Uber offers two-step verification in our app. Users can choose to use text messages or third-party authentication apps like Google Authenticator, Authy, or Duo by visiting their account settings and selecting their preferred method,” the spokesman said.
Brooking has since deleted her account with Uber and said she had no plans of rejoining the app.
“It’s really a shame because I really enjoyed it, but they’re just too unreliable.”
The spokesman would not say how common these types of hacks were but said all credit card data was encrypted and hidden in the app which meant hackers could use it only in the app.
According to Netsafe said last year Kiwis lost $33 million to online scams.
The figure reversed a trend that had resulted in reported losses drift down from just over $13m in 2015 to $10m in 2017.
The most common scams were “tech support” phone scams believed to be mostly run out of call centres in India.
But the most costly scams for victims were romance and investment scams, where victims are duped into sending large amounts of money overseas.