Woman robbed in Uber hack
A Tauranga woman who was robbed of $45 after her Uber account was hacked and used by riders in Poland, says she will never use the taxi app again.
Angela Brooking was charged for 10 Uber rides and driver tips in Warsaw, despite her phone being 17,500 kilometres away.
‘‘I had only used my Uber account once, a month ago for a business trip, now I think I’m going to be a one time Uber user because I’ve lost confidence in the app,’’ Brooking said.
She was also locked out of both her Uber and email account because her passwords were reset.
‘‘The first thing I did was transfer all the money from that account to my savings,’’ she said.
Brooking’s account was first accessed from Egypt about 5.45pm on Sunday.
She used Uber’s two-step verification process to secure her account, but was too late as the hacker had already accessed her account. Brooking was woken in the middle of the night to more notifications of transactions being made using her account.
‘‘I stayed up pretty much all night watching them take money out of my bank account and I couldn’t stop it because I was locked out.’’
Brooking said she did not notify her bank till the morning. The bank froze her account and credit card.
In the meantime Uber deactivated her account and refunded the $45 but Brooking said this experience had put her off using the app again.
‘‘It’s a big wake up call. You want to take advantage of all these new services in this day and age but it puts you off, like even with online shopping.’’
Brooking said she was disappointed the app’s software was not more secure.
Cyber security firm Aura Information Security general manager Peter Bailey said international cyber criminals took advantage of New Zealanders’ false sense of security online.
‘‘We live in a pretty secure country so we do see hackers taking advantage of that. We’re not very good at keeping our credentials safe,’’ Bailey said.
Bailey suggests using strong passwords and changing them for every account.
According to Cert NZ report last month almost 1000 New Zealanders reported hacking in the last quarter.
Bailey said a method called credential stuffing had become increasingly popular among cyber criminals.
‘‘A lot of people use the same password across various accounts so cyber criminals will gather usernames and passwords by hacking into databases and post them on the dark web. Credential stuffing is an automated system that basically fires out passwords against usernames to see if they match.’’
An Uber spokesman said apart from using strong passwords, it was important for people to enable two-step verification as soon as they set up an account.
‘‘Uber offers two-step verification in our app. Users can choose to use text messages or third-party authentication apps like Google Authenticator, Authy, or Duo by visiting their account settings and selecting their preferred method,’’ the spokesman said.
Brooking has since deleted her account with Uber and said she had no plans of rejoining the app.
‘‘It’s really a shame because I really enjoyed it, but they’re just too unreliable.’’
According to Netsafe said last year Kiwis lost $33 million to online scams.