Close
 

A wild ride: Losing brand loyalty and $800 (Updated)

  • Opinion
  • May 17, 2018
  • Courtney Devereux
A wild ride: Losing brand loyalty and $800 (Updated)

I wrote a stunt journalism piece on how easy it is to be hacked in Idealog last year. In an ironic twist of events, I recently discovered I have actually been hacked, except this time through my Uber account to the tune of $800. Take a ride and see the problem with entrusting your confidential details to big, faceless corporations.

Society's undying love for convenience has led us to save our credit card details to almost any platform – as long as it cuts off those precious eight seconds spent reaching into our wallet to pull out the card itself.

But this yearning for ease has made us vulnerable, even from those we trust the most.

I may be overly dramatic suggesting that my Uber account getting breached is the downfall of society, but it has resulted in a loss of trust, and a loss of access to Uber Eats. Technology is freaky, we rely so heavily on it that as soon as it doesn’t work or something goes wrong, we don’t know how to operate. We as a society have adapted so quickly to the benefits of technology, but struggle to adapt back to how we were before as soon as they are compromised.

In my ever-present life of more breaches than I would care to admit, you would think I would be more careful with technology.

And I am: I have password protectors, anti-virus programmes, and a small sticker over my webcam (some real top of the line protection). 

But when a company loses our data there isn’t anything you can do, unless you cancel your credit card, change your email, last name and move to a new house. Some of which may be a little bit of an overreaction when most ‘free’ apps gain capital by selling your data to third party sites anyway. 

Recently in the news, Facebook came under fire for losing over 50 million users' data. In 2014, Yahoo lost three billion user accounts which included names, emails, and phone numbers. In late 2016, Uber lost the personal information of 57 million users, including names, phone numbers and emails.

The bad part about that last hack was that Uber didn’t make the breach public until 2017, a year later. What’s worse, they paid the hackers USD$100,000 to destroy the data with no way to verify that they did, claiming it was a “bug bounty” fee. Uber fired its CSO because of the breach, effectively placing the blame on him. 

Information on the data breach available on the app states “the security incident that resulted in the breach of information included names, email address and mobile phone numbers.”

  • For more on how this scam works, check out the Reply All podcasts here and here. 

One of the bank transactions 

For the past two months, every Monday around lunchtime, an account presenting as Uber has been taking lump sums out of my account, ranging from about $7 to $50. Now, obviously these trips are not mine, seeing as the only time I use Uber is usually coming home from the clubs on Saturday night. And although I may not be in the clearest frame of mind on those trips, I still know if I’m inside a moving Toyota Prius or not.

The codes vary on my bank account, usually along the lines of Uber BV* or Uber Trip*, on the same day, around the same time.

Now if you’re wondering why it has taken me months to notice this, it is because I live in my overdraft and avoid looking at my bank account as much as possible. But this is not the time to be giving me financial advice.

What finally got my attention was the 40 texts from Uber in 24 hours, supplying me with an Uber Code, one which is usually used when needed to access an account you forgot a password for. I took these signs to bite the bullet and check my account and going back to February this year, an account masking as Uber had been taking money out of my account almost every week, with the total far above $300.

I quickly deactivated my account (not that that would stop my credit details from being out there in the wild). Almost akin to picking up something unsanitary, you think dropping it is going to solve the problem, but the germs are still on your hands to deal with. And these germs still had my card details.

I tried to log back into my account instantly, as I thought it would help to form the dispute against the company, but as soon as I tried to log in, it denied my access, stating that I had tried too many times to log in unsuccessfully.

Uber recommends finding a ‘help’ section within its app, which would have been handy to know before I went and locked myself out of it.

My first thought was to email Uber, but finding Uber's support account was about as easy as finding the Da Vinci Code, and even then, the email didn’t work – off to a great start.

Luckily for me, working in media means usually someone around you can supply a contact with almost anyone, Uber included.

Armed with an email from a colleague, I sent my strongly worded masterpiece off to the behemoth. It bounced back three times, until I realised Outlook blocks emails with the word ‘hack’ in the headline. On the fourth attempt it finally went through.

“Obviously somehow, through Uber, my credit card details have fallen into the wrong hands,” I quipped. “I would be very interested to know how this came to be.” I had them shaken.  

With the law of the land on my side, and with suggestions from a boss with smarter ideas than mine which didn’t involve sitting back until it went away, I called the bank.

Cancelling a card has a refreshing feeling to it when you’ve been hacked, cancelling your third card because you never learn your lesson is slightly less refreshing. The bank informed me that this money stealing had been coming out of my account since December 2017. With over $700 missing from my account since then and none through a reputable Uber account.

As I wait for Uber to “come to the party” as my bank assistant so adequately put it, I can’t help but muse over our undying loyalty to convenience. We will keep our credit card details in any app, as long as it makes checkout processes faster. The option to cut the time of reaching into our wallets, and entering something manually, is seen as a big drawcard (pun intended), customers are so easily swayed by making things easy, they forgo possible risks.

Keeping your details saved anywhere is risky, and big corporations that are known for having these details saved are huge targets for hackers. And although these big corporations try their best to keep customer data safe, it often falls into the wrong hands.

Just ask the 57 million Uber users that are most likely dealing with the same issue. I may be a bit more careful in the future, but unfortunately, if large companies are not careful and honest with data, there isn’t a lot we can do about it. People will continue to use the platform, maybe with some trepidation, but there would have to be a larger more detrimental risk to get consumers to change their behaviour.

As these trips are not recorded on my app I would find it hard to believe the Uber app itself is taking the money, more likely someone masking as the company. Yet the Uber code texts and being locked out of my account show that in the 2016 breach of mobile numbers and emails, I was most likely included.

In the meantime I will wait for Uber to reply, but if there is anything more difficult than getting a contact for a faceless corporation, it’s getting money from it. 

Updated: 17/05/2018 - 11:30

A representative from Uber's PR team has requested we rectify information regarding this article. 

"Uber has seen no evidence of fraud or misuse tied to the 2016 incident. Uber’s outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers or dates of birth were downloaded in the breach. Uber is monitoring the affected accounts and have flagged them for additional fraud protection.

"It is an unfortunate reality that all online accounts, whether email, banking, or Uber can be the target of phishing attacks that aim to steal a user’s personal information, such as passwords.

There are multiple reasons why unauthorised activity may occur -  including whether the user is maintaining good habits in safeguarding personal information security, whether the device has been compromised, or even issues with the financial institution and its products. Fraudsters may also try to use credit card numbers stolen from other services to request Uber trips.

To reiterate, in relation to the 2016 data breach, Uber has seen no evidence of fraud or misuse tied to the incident and no credit card information was downloaded.

On reaching Uber support, Uber uses in-app help as it is the most efficient way to provide partner and customer support at scale."

I have yet to hear from Uber's support team in regards to the breach.

​ ​

This is a community discussion forum. Comment is free but please respect our rules:

  1. Don’t be abusive or use sweary type words
  2. Don’t break the law: libel, slander and defamatory comments are forbidden
  3. Don’t resort to name-calling, mean-spiritedness, or slagging off
  4. Don’t pretend to be someone else.

If we find you doing these things, your comments will be edited without recourse and you may be asked to go away and reconsider your actions.
We respect the right to free speech and anonymous comments. Don’t abuse the privilege.

 

Military-style semi-automatics ban announced

  • News
  • March 21, 2019
  • The Register team
Military-style semi-automatics ban announced

As of 3pm on March 21, a wide range of semi-automatic weapons have been reclassified under section 74A(c) of the Arms Act as requiring an E endorsement on a firearms license. This means they can no longer be sold to those with A-category gun licenses, and their purchase now requires police approval.

Read more
 
 

Retailers gather for insights at NZ Retail and The Register's breakfast

  • News
  • March 21, 2019
  • The Register
Retailers gather for insights at NZ Retail and The Register's breakfast

NZ Retail and The Register’s sales and marketing breakfast saw dozens of Kiwi retailers come together to network, sharing tips and tricks and absorbing expert advice.

Read more
 
 

Who stole Christmas?

  • News
  • March 21, 2019
  • Kelly Withers
Who stole Christmas?

Results are starting to trickle in from Christmas 2018/2019, and for many retailers, they're a little disappointing. Paydar chief executive and co-founder Kelly Withers explores the data.

Read more
 

Social scoreboard

Zavy and The Register have worked together to create a scoreboard that compares how the top 25 traditional media advertising spenders in New Zealand have performed on social media over the past 30 days, updated in real time.

 
topics
Concept to closet
Business coverage of New Zealand Fashion Week.
Town centres
A positive retail environment over the past 12 ...
Amazon Arrival
Keeping up with all things Amazon as it ...
The Retail Yearbook 2017
As we battle our way through the busiest ...
Hospitality enhancing retail
Some think food and integrated hospitality offerings will ...
The future is bright
We spoke with four retailers in their twenties ...
Spotlight on signage
At first glance, the humble in-store sign might ...
Red Awards 2016
The Red Awards for retail interior design celebrate ...
Auckland Unitary Plan
Auckland is changing. The Unitary Plan will decide ...
How to open a store
Sarah Dunn considers what it would take to ...
All things to all people
Kiwi retailers share their omnichannel strategies.
Rising stars
Retail's top young achievers.
Delivering on your promises
The sale isn't over until your item is ...
Retail in heartland New Zealand
Retailers keep the regions pumping, but how strong ...
Sisterhood
Women in retail help one another. We spoke ...
The changing face of retail
Shifting demographics are creating big changes in New ...
The retail yearbook
With the help of experts in the retail ...
Retail rogues
We put the spotlight on staff training. Jai ...
Here come the giants
Topshop has arrived in Auckland’s CBD, David Jones ...
Window shopping: A spotlight on social media
Sarah Dunn and Elly Strang look at how ...
From retail to e-tail
Ecommerce has become part of the way mainstream ...
Loyalty in the digital age
How are retailers maintaining loyalty? Sarah Dunn, Elly ...
The Innovators | In partnership with Spark Business
Technology is rapidly changing the retail industry as ...
 

Chinese businesspeople raise millions for Christchurch victims

  • News
  • March 21, 2019
  • Radio New Zealand
Chinese businesspeople raise millions for Christchurch victims

A group of visiting Chinese businesspeople have raised $2.35 million for victims of the Christchurch mass shooting.

Read more
 
 
News

The Retail NZ Awards: What does it take to be a winning retailer?

Take this time to shine with the upcoming Retail NZ awards, a chance to show the retail industry what makes your business stand out. No ...

 

Hunting & Fishing New Zealand voluntarily pulls military-style assault weapons from sale

  • News
  • March 20, 2019
  • Sarah Dunn
Hunting & Fishing New Zealand voluntarily pulls military-style assault weapons from sale

In the wake of the attack on Christchurch’s Muslim community on March 15, strong calls for changes to New Zealand’s gun last have been made. Trade Me was the first retailer to act, halting the sale of all semi-automatic weapons on its platform, and it has now been joined by Hunting & Fishing New Zealand.

Read more
 
Next page
Results for
Topics
Jobs
About us.

The Register provides essential industry news and intelligence, updated daily. And the digital newsletter delivers the latest news to your inbox twice a week — for free!

©2009–2015 Tangible Media. All rights reserved.
Use of this site constitutes acceptance of our Privacy policy.

Advertise
The Register

editor@theregister.co.nz

Content marketing/advertising? Email anita.hayhoe@icg.co.nz or call 022 639 3004

View Media Kit

}