Published: October 5, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
Uber Eats, a division of Uber rideshare fame, is a mega-popular food delivery platform launched in 2014 and has an annual revenue near $1.5 billion. The service was recently hacked, according to personal data found for sale on the dark web. The data, discovered by a Cyble research team, was located during a monitoring search for hijacked data sold on the sketchy underground site. The dark web is, among other things, a clearing house for the sale of stolen data and those looking to purchase it.
This time, the data for sale pointed directly to Uber Eats, and affected approximately 100 delivery drivers and nearly 580 customers. The personally identifiable information (PII) stolen in the breach includes customer login credentials and driver data. The driver data includes full name, address and phone, banking card details, contact numbers, and trip details. The Cyble team is continuing to investigate the breach more fully, intent on learning much more about this Uber Eats data burp.
During this pandemic time, when more people than ever are depending on food delivery services, hackers are doing their level best to exploit this essential “pandemic service.” Uber Eats may be among the first food delivery services to be targeted during coronavirus, but cyber history shows it’s not likely to be the last.
For those using Uber Eats or other food delivery services, below are tips to help make sure your next online food delivery won’t end in heartburn:
Never share personal information, including financial data, over a phone, email, or text.
Use strong passwords and multi-factor authentication (MFA) or two-factor authentication (2FA) whenever possible.
Use a unique password for every single website you log into.
Regularly monitor your financial transactions. If you find anything remotely suspicious, contact your bank immediately.
Always keep device software updated and patched as soon as they are available, as they often contain.
Never use public Wi-Fi. It’s a favorite hangout spot for hackers to loot PII. If you do, don’t perform financial or other transactions that involve PII or confidential information. Don’t even log in when using public Wi-Fi. If you can’t wait to get to a secure connection, use a VPN (Virtual Private Network).
Use anti-virus protection on all devices and keep it updated. Use the automatic updates option if you can’t keep up with them manually.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at email@example.com