top | item 32053200

(no title)

Moderately tangential, but I just had my Uber account hacked today. I also used a strong, unique password managed by a password manager. As far as I can tell, my email wasn’t hacked (Google Workspace account backed by a physical security key). My best guess is they scammed support, but I am just taking a stab in the dark.

The worst part is, you can’t even talk to Uber support chat unless you put in the account’s current email, phone number, and last 6 digits of the credit card on the account. I have the attacker’s email address, but not the phone number, so I couldn’t even chat with support. They have an “email support” form, but it asks for the same info. I put in what I knew, but I haven’t heard back from support since the attacker took my account this afternoon, and I fear I’m not going to get it back.

discuss

kube-system|3 years ago

This page might cater to that situation?:

https://help.uber.com/riders/article/i-think-my-account-has-...

Interestingly enough it also says:

> We are currently seeing a high number of requests come through this form.

DamnableNook|3 years ago

That’s a great link, thank you for that! Their support page linked from the “email changed” message, under “if you didn’t make this change”, was less than helpful. It just said to log in and change your password, which isn’t really helpful if the attacker changed the password. The link for “if you can’t login” took me to a 404 page.

willis936|3 years ago

This sounds like a situation I had with yahoo email over a decade ago. I could never get support to give me control back. They just got to impersonate me and spam my contacts list while I lost all access to accounts tied to that email. I want yahoo to dissolve.

papito|3 years ago

My Disney+ account suddenly got a few new profiles, some in foreign languages. I had to delete them and change the password. Interestingly, my password never was reset by anyone else.

Akronymus|3 years ago

I am occasionally getting walmart emails, despite never signing up, because I am not even from the US.

Just yesterday it was an attempt at a password reset. For an email that doesnt even exist in their system, allegedly.

Sorry, that second one was best buy. This was the text:

You may need to create an account.

We received a request to reset your password on BestBuy.com®.

However, we don't have an account associated with this email address. You can try to sign in with a different email address.

You can also create a new account using any email address you choose.

Happy Shopping!

Your Best Buy Customer Care Team

abrookewood|3 years ago

Presumably they kept your credit card on file and are aiming for free rides? Seems risky from their perspective if you can get their phone number.

DamnableNook|3 years ago

I luckily only had PayPal connected to my account. I was able to unlink it on the Uber side before the attacker blocked access to my account. I also blocked it on the PayPal side too. So all that work, and all they really got is my ride history and reputation.