Last week, many Uber users found that they had taken a ride in China. Quite the miracle I would say given that they were never in China.
The cause of this incident was the selling of Uber account on the dark web. Account credentials were selling for anywhere from 40 cents to a dollar. These accounts weren’t taken directly from Uber, but were found using software that tests usernames and passwords from other sources for use with Uber.
Uber has had its fair share of data missteps in the past, including the release of data from more than three dozen shared Uber trips. But this breach is not on Uber’s shoulders. This is all on the user. What could have prevented this was customers using common sense and picking strong, unique passwords.