Uber is under FBI investigation to determine how London users of the popular car-hailing app have been charged for rides they report not to have booked or taken, the Guardian reported Saturday. In March, Uber account login credentials were found to be for sale online via “dark web” markets, Vice’s Motherboard reported.
One vendor, Courvoisier, told Motherboard he had thousands of "hacked accounts." Two Uber users contacted by Motherboard confirmed their leaked usernames and passwords were correct. Since the report, Uber users have come forward and reported charges for rides they did not take.
@Uber account has been hacked nothing to HELP me on website this is ridiculous __
â€” Anthea Turner (@AntheaTurner1) April 7, 2015
The Motherboard report was dated March 27. Uber investigated the claims and issued a statement three days later denying a security breach. The company claimed to have found no evidence its servers were hacked. “Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report,” an Uber representative said in a statement.
By purchasing account information on the “dark web” market, people have the ability to log in to the app as another user and book trips ,but do not have access to the account holder’s full credit card information. The app lists only the last four digits, expiration data and ZIP code of a user’s credit card.
Uber users are notified of any trips via a notification on the app and an email. Uber has asked users to adopt unique passwords for their accounts.
Six-year-old Uber is reportedly valued at $50 billion. The San Francisco company has faced opposition and regulatory hurdles worldwide. The app is available in 55 countries and more than 200 cities.