Two weeks ago, my brother got an alert: His Uber was arriving.
This was a fairly normal occurrence for him, except that he was firmly seated at his office in Madison, Wisconsin, and the Uber on the screen was on the outskirts of London.
The text and email from Uber confirmed his fear: his email and password had been changed.
He was locked out with a $31 bill for the London joyride.
Like my brother, many Uber users have found their accounts taken over since March after stolen account information was posted for sale on the Dark Web.
The company investigated and found no breach in its system. While the spate of London-based account takeovers are ultimately a reflection on poor password management of its users rather than a problem with Uber’s security, the company is still working to get ahead of larger-scale account lockouts.
Part of that includes ultimately ditching the email-and-password system that hackers use in favor of a mobile-first approach.
“Uber is committed to developing security features that go beyond relying on email accounts and passwords for verification,” the company told Business Insider. “We are investing in rules engines and machine learning and believe we will be able to create a higher-quality experience in the long run by putting resources into technology solutions.”
Read more at?BUSINESS INSIDER