How Stolen Uber Accounts Put Drivers in Danger
Earlier this year, multiple news outlets broke the news of a marketplace where Uber accounts are sold, like credit card numbers, Netflix and HBO Go logins. They exist in a place called the “Dark Web” where many of these listings and transactions take place. Earlier this year, the price of an active Uber account was at a high of $5 (it was higher last year), which was much more than Facebook accounts at about $3 and way higher than credit cards at about 20 cents a piece (Source, CNBC). The price has come down quite a bit, going for a low low price of $1.50 as of March (Source, 512tech).
Some sellers include a beginner user guide for those who have never taken an Uber ride before. According to a Vice article, one guide suggested logging in with your phone’s web browser first and find the first and last name of the user in case the driver asks for it. However, you can do that by logging into the passenger application and go through the profile to find out their details.
The various articles above noted that Uber has instituted multi-factor authentication, like what Lyft has done, but I haven’t seen this implemented in various cities. Lyft requires you to log in with a passcode texted to the phone number of the account holder. If you login with Facebook on Lyft, there is no such protection so Lyft is also vulnerable if the have your Facebook login and you happen to have a Lyft account attached to it. For Uber, logging in only requires the email and password. Once you have the login details. you can go in and change everything about the account, including the picture and phone number.
Another flaw with the Uber application is that you can be logged in with multiple devices. With Lyft, it automatically kicks the other device offline once you log in with another one. This is just a minor flaw but if you are an active user of Uber, you would notice that your account has been logged off, despite using Uber just a few days ago.
Will Adding Pictures Help?
Uber allows for users to put in their pictures to their profile. However, once someone has stole an Uber account, they can go in and change the picture. This scenario isn’t likely because if Uber finds out, they now have the picture of the thief. Also, it is pretty rare that an Uber customer puts in a picture in the first place so even if there is a picture, they can replace it with a picture of a cat or dog, which is unfortunately also pretty common. Since it is commonplace for the account holder to request the a ride for someone else, the person using the stolen account can also say the account holder requested a ride for them.
Are Drivers in Danger?
Most of the users of these stolen Uber accounts are trying to get a free ride. Uber prides itself in providing a safe ride with various levels of checks, but a stolen Uber account removes many levels of protection for the driver. Even if the credit card matches the passenger name and address, the person using it can say that their friend, the account holder, had requested the ride for them. Since this happens so often, there is no way for the driver to find out and prevent driving around a person with a stolen Uber account. So far, we haven’t heard of a stolen account being used in some sort of crime against a driver, but it may be a matter of time before that happens. From the various articles, it is pretty easy to get a stolen Uber account so the barrier of entry into this type of crime is relatively low.
Despite getting a free ride, you are also getting an anonymous ride from point A to point B, unless the driver has a dashcam that can take a picture of the passenger(s). It is plausible that a criminal will use a stolen Uber account to get around, like drug dealers. However, drug dealers often don’t think that far ahead or have cars of their own. It is also likely that criminals will use a stolen account to either rob the driver or steal their car. Uber drivers aren’t really known to have a lot of cash on them like taxi drivers, but the risk is still there. The likelihood of either scenario happening is slim to none, but the severity of the crime and/or injury is very high.
Uber has done a lot for passenger safety but haven’t done much in terms of safety for the driver. The “Safety Fee” supposedly pays for background checks and other checks on drivers, but nothing about the passengers who get into our car. Uber’s policy about having weapons in our car also tips the scales in favor of criminals who have an intent to harm or steal from drivers.
How Can Drivers Protect Themselves?
The number one step is to drive smart and pick up from areas you know well. This isn’t a sure fire way to prevent a stolen Uber ride but it may keep you safe. This may lead to selectively picking rides and refusing rides from bad areas of town like what taxi drivers have often done, but your safety is more important than to uphold a better social norm. I myself drive to every pickup and if I sense something I don’t like while I’m waiting, then I cancel and drive off. I don’t judge the potential passenger by the neighborhood, but as you are waiting for the passenger, look around and survey the immediate area.
Sending out a text message or calling the account holder may weed out a stolen Uber account. Here are two scenarios:
- They claim they are the account holder. Give a quick call to the cell phone number and see if their smartphone matches. (Again, this isn’t a surefire way since the thief can change the cell phone number once they log-in)
- They claim their friend requested a ride: Shoot a quick text to the account holder and ask if they requested a ride at X location, picking up a person named Y. Hopefully the account holder will respond quickly and before you drop off the passenger.
How Can Uber Prevent This?
It is pretty easy for Uber to prevent this from happening. They can implement a two-factor authentication like Lyft has done, either through a text message code or emailing a passcode to the user. I believe a text message would be the best option because it will require these accounts to have a valid cell phone number. There have been a few times where the account holder didn’t have a valid cell phone number.
Another level of protection would be a warning on the Uber app when there is a second log in or to prevent a second phone from logging in through the application. It is pretty weird that two people are trying to log into the account at the same time so a simple notification or a block would go a long way in preventing stolen accounts from being used. Notifications can only do so much though, however. According to the 512tech article, the author got multiple notifications from Uber from the trip in progress but thought nothing of it since he wasn’t using Uber at the time. It was later that he realized that someone else was using his account.Have more questions about Uber or Lyft? Head on over to our Rideshare Driver Training Course! Driver Promotions