On Sunday, October 24, 2021, at 12:00 pm, I was heading towards the south sun valley park area. After I dropped off one of the riders, I parked my car on the side of the road to wait for the next rider to book in. I suddenly received a trip request which was not far from where I was parked, around 4 minutes away, and I accepted. Then a message popped up from the Uber app. It said: you are selected for the Uber incentive program; if your next rider gives you 5 stars then you will be awarded 50 dollars, and if you get 4 stars then you will be awarded 30 dollars. Then the app asked whether I was interested in joining this program.
Certainly, I agreed to join this program. Then a message popped up from the Uber app requesting information to identify my account. I typed my login email, and then the app requested my phone number as a second piece of information for identification. I thought for a while; since a lot of people know my phone number, which is not critical for hacking someone's account, I typed it in.
The app also asked the driver to stop the car safely and complete the application.
Two minutes after I provided my phone number, I received an email from Uber telling me that my account password had changed. After another 2 minutes, I received another email from Uber telling me my
The first email from Uber said that the account password was updated, as below:
The second email from Uber said that the account was accessed by a new device from Egypt, with Cairo as the sign-in city:
The fourth email from Uber: Uber also detected a suspicious update for my payment
The fifth email from Uber showed that the hacker had turned on two-step verification, which is normally not set up by the driver. The hacker's purpose in turning on two-step verification was to prevent the driver from logging in: even if the driver received the 4-digit code, the driver still could not log in, because two-step verification needs a 6-digit verification code to sign in.
Uber usually transfers the driver’s money weekly on Monday at 4:00 am; the hacker completely knew Uber's usual process.
I worked so hard that week: I had accumulated almost 2000.00 in my account, and I had worked 93 hours that week. Because I was kicked out of my account, I couldn't drive, so I went back home and tried to find any support from Uber to freeze my account. I called Uber support, and there was no support until next Monday at 8:00 am; the money would be transferred out before Uber technical support knew about it!
I also called non-emergency police support. The police said they had no contact with Uber and asked me to call Uber the next day. I sent an email to Uber support, but got no answer.
The next day, I called Uber help, but it was very busy and nobody picked up the phone, so I drove to the Uber office around 10:00 am. The Uber security guards did not allow me to go in to report the hack. They said that before I came, 20 people had already reported being hacked, and they asked me to go to the Uber website and report that my account was hacked, then go home and wait for the security team to handle the issue.
In the afternoon, my call was finally picked up by one of the Uber support staff, and I immediately asked him to check my bank balance, which was $0: the hacker had successfully transferred my money out to the hacker's bank.
How do they successfully hack my account?
Looking back after these events, the technique they used to hack my account is this: once they got my account email address, they used the forgot-password function on the Uber website. Uber then sends a 4-digit number to my cell phone; they have a device to receive my message from the cell phone company and bypass the message sent to me. Then they used the 4-digit code to bypass the account password and log in, changed the password, and kicked me out of the Uber app. After they changed the bank information, I received an email but I couldn't log in to correct it. They turned on two-step verification because they know Uber does not send the 6-digit verification codes. I went online to download the Uber password generator, which did not work. It is highly possible that the hacker worked as an Uber software engineer before, because they could access the Uber app and issue an incentive program, and also knew the details of how the Uber app works.
One of the riders told me his account was hacked and he lost $1000 from his credit card.
A rider can also be hacked through the Uber account and phone number: they enter your account, get the credit card information, and change the trip distance to charge a huge amount for each trip, and the money is transferred to the hacker's bank.
Lessons to Learn:
1) Don’t trust any Uber incentive program from the Uber app. They can’t easily access it and send out a program.
2) The hacker knows that Uber pays the driver at 4:00 am every Monday, and there is no live support from Uber on the weekend until next Monday at 8:00 am.
3) Always keep your account email and phone number separate; they can bypass the message from the cell phone company.
4) Don’t use any browser to remember your account number. Hackers can easily get your phone number from different places, and the biggest danger is that they can listen to and bypass your messages sent by the phone company.