What's more valuable to identity thieves than your credit card account? Your Uber account, apparently.
Last month, the IT security company Trend Micro reported that personally identifiable information (such as social security number/date of birth) was selling on underground markets at an average of $1.00 to $3.30 per account (a decrease from the 2014 high of $4.00 on average), while stolen Uber account information went for $3.78 per account on average. The stolen information can generate quite a profit: typically its purchaser sets up a fake account as an Uber driver, then uses the stolen account information to request, and charge for, "phantom" rides. While credit card companies have become increasingly adept at swiftly detecting and preventing fraudulent account activity, hacked Uber accounts appear to be less easily detected – making them all the more valuable.
According to reports, Uber is aware of this activity and is testing out additional security measures, including implementing two-factor authentication to access a user's account. While two-factor authentication has been rolled out in some areas, it is not available in all markets. In the meantime, there are steps you can take to protect your own account from ghost riders. First, and perhaps most importantly, monitor activity on all your accounts, particularly when your information is stored in an app or website. Second, avoid using the same password across multiple accounts, and ensure your passwords are strong. And third, the sooner you report any fraudulent activity, the better.
Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact Bob Brewer, Tony McFarland, Elizabeth Warren or a member of our Privacy & Data Security team.