Stolen Uber accounts are now more valuable on the Dark Web than credit card numbers.
New data from Trend Micro shows the going rate for stolen Uber account info is about $3.78 per account, on average. The Dark Web, which has been a haven for picking up stolen data — financial account info, Netflix accounts, PayPal logins, etc. — has apparently turned into a place for Uber hackers to make some money on selling accounts from the ride-hailing giant.
In the report, personally identifiable information (PII) was selling between $1–$3.30, down from $4. And stolen credit card information? That’s just not quite as valuable as it used to be.
According to the Trend Micro report, which was compiled for CNBC, stolen Uber account credentials house a trove of data treasures that criminals seek. It can help them secure information needed for identity theft, but it can also help them set up fake driver accounts that enable the cybercriminal to charge for rides that don’t exist.
That’s been part of the ghost ride hacking phenomenon that started catching headlines last spring.
“It’s an incredible underground ecosystem. There is a high level of competition for these criminal buyers, and there are a lot of different types of forums. It’s incredibly diverse but incredibly mature,” Ed Cabrera, Trend Micro VP of cybersecurity strategy, told CNBC.
“They are doing their own market research on where they can find the data that’s most valuable in the criminal underground, and they develop their attacks accordingly.”
Credit card value on the Dark Web, however, has slumped, since banks have increased their fraud protection, implementing detection systems that make it much harder to actually do much with a stolen credit card these days. Once that card is alerted as stolen or any activity that is remotely odd occurs, the credit card companies or banks act quickly, rendering those cards fairly useless.
But Uber said it is committed to providing the necessary security, such as testing two-step authentication, to enhance its protection for its users.
“Our security teams are laser-focused on protecting the integrity of our community’s Uber accounts,” an Uber spokesperson told CNBC. “We use technical measures to detect any issues and are always enhancing the measures we deploy to protect our users’ accounts.”
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More