Security & Fraud

Hacked Uber Accounts Trump Credit Cards On Dark Web

Stolen Uber accounts are now more valuable on the Dark Web than credit card numbers.

New data from Trend Micro shows the going rate for stolen Uber account info is about $3.78 per account, on average. The Dark Web, which has been a haven for picking up stolen data — financial account info, Netflix accounts, PayPal logins, etc. — has apparently turned into a place for Uber hackers to make some money on selling accounts from the ride-hailing giant.

In the report, personally identifiable information (PII) was selling between $1–$3.30, down from $4. And stolen credit card information? That’s just not quite as valuable as it used to be.

According to the Trend Micro report, which was compiled for CNBC, stolen Uber account credentials house a trove of data treasures that criminals seek. It can help them secure information needed for identity theft, but it can also help them set up fake driver accounts that enable the cybercriminal to charge for rides that don’t exist.

That’s been part of the ghost ride hacking phenomenon that started catching headlines last spring.

“It’s an incredible underground ecosystem. There is a high level of competition for these criminal buyers, and there are a lot of different types of forums. It’s incredibly diverse but incredibly mature,” Ed Cabrera, Trend Micro VP of cybersecurity strategy, told CNBC.

“They are doing their own market research on where they can find the data that’s most valuable in the criminal underground, and they develop their attacks accordingly.”

Credit card value on the Dark Web, however, has slumped, since banks have increased their fraud protection, implementing detection systems that make it much harder to actually do much with a stolen credit card these days. Once that card is alerted as stolen or any activity that is remotely odd occurs, the credit card companies or banks act quickly, rendering those cards fairly useless.

But Uber said it is committed to providing the necessary security, such as testing two-step authentication, to enhance its protection for its users.

“Our security teams are laser-focused on protecting the integrity of our community’s Uber accounts,” an Uber spokesperson told CNBC. “We use technical measures to detect any issues and are always enhancing the measures we deploy to protect our users’ accounts.”

——————————

LATEST PYMNTS REPORT: MARCH 2020 B2B API TRACKER  

B2B APIs aren’t just for large enterprises anymore — middle-market firms and SMBs now realize their potential for enabling low-cost access to real-time payments and account data. But those capabilities are only the tip of the API iceberg, says HSBC global head of liquidity and cash management Diane Reyes. In this month’s B2B API Tracker, Reyes explains how the next wave of banking APIs could fight payments fraud and proactively alert middle-market treasurers to investment opportunities.

TRENDING RIGHT NOW