Close
 

A wild ride: Losing brand loyalty and $800 (Updated)

  • Opinion
  • May 17, 2018
  • Courtney Devereux
A wild ride: Losing brand loyalty and $800 (Updated)

I wrote a stunt journalism piece on how easy it is to be hacked in Idealog last year. In an ironic twist of events, I recently discovered I have actually been hacked, except this time through my Uber account to the tune of $800. Take a ride and see the problem with entrusting your confidential details to big, faceless corporations.

Society's undying love for convenience has led us to save our credit card details to almost any platform – as long as it cuts off those precious eight seconds spent reaching into our wallet to pull out the card itself.

But this yearning for ease has made us vulnerable, even from those we trust the most.

I may be overly dramatic suggesting that my Uber account getting breached is the downfall of society, but it has resulted in a loss of trust, and a loss of access to Uber Eats. Technology is freaky, we rely so heavily on it that as soon as it doesn’t work or something goes wrong, we don’t know how to operate. We as a society have adapted so quickly to the benefits of technology, but struggle to adapt back to how we were before as soon as they are compromised.

In my ever-present life of more breaches than I would care to admit, you would think I would be more careful with technology.

And I am: I have password protectors, anti-virus programmes, and a small sticker over my webcam (some real top of the line protection). 

But when a company loses our data there isn’t anything you can do, unless you cancel your credit card, change your email, last name and move to a new house. Some of which may be a little bit of an overreaction when most ‘free’ apps gain capital by selling your data to third party sites anyway. 

Recently in the news, Facebook came under fire for losing over 50 million users' data. In 2014, Yahoo lost three billion user accounts which included names, emails, and phone numbers. In late 2016, Uber lost the personal information of 57 million users, including names, phone numbers and emails.

The bad part about that last hack was that Uber didn’t make the breach public until 2017, a year later. What’s worse, they paid the hackers USD$100,000 to destroy the data with no way to verify that they did, claiming it was a “bug bounty” fee. Uber fired its CSO because of the breach, effectively placing the blame on him. 

Information on the data breach available on the app states “the security incident that resulted in the breach of information included names, email address and mobile phone numbers.”

  • For more on how this scam works, check out the Reply All podcasts here and here. 

One of the bank transactions 

For the past two months, every Monday around lunchtime, an account presenting as Uber has been taking lump sums out of my account, ranging from about $7 to $50. Now, obviously these trips are not mine, seeing as the only time I use Uber is usually coming home from the clubs on Saturday night. And although I may not be in the clearest frame of mind on those trips, I still know if I’m inside a moving Toyota Prius or not.

The codes vary on my bank account, usually along the lines of Uber BV* or Uber Trip*, on the same day, around the same time.

Now if you’re wondering why it has taken me months to notice this, it is because I live in my overdraft and avoid looking at my bank account as much as possible. But this is not the time to be giving me financial advice.

What finally got my attention was the 40 texts from Uber in 24 hours, supplying me with an Uber Code, one which is usually used when needed to access an account you forgot a password for. I took these signs to bite the bullet and check my account and going back to February this year, an account masking as Uber had been taking money out of my account almost every week, with the total far above $300.

I quickly deactivated my account (not that that would stop my credit details from being out there in the wild). Almost akin to picking up something unsanitary, you think dropping it is going to solve the problem, but the germs are still on your hands to deal with. And these germs still had my card details.

I tried to log back into my account instantly, as I thought it would help to form the dispute against the company, but as soon as I tried to log in, it denied my access, stating that I had tried too many times to log in unsuccessfully.

Uber recommends finding a ‘help’ section within its app, which would have been handy to know before I went and locked myself out of it.

My first thought was to email Uber, but finding Uber's support account was about as easy as finding the Da Vinci Code, and even then, the email didn’t work – off to a great start.

Luckily for me, working in media means usually someone around you can supply a contact with almost anyone, Uber included.

Armed with an email from a colleague, I sent my strongly worded masterpiece off to the behemoth. It bounced back three times, until I realised Outlook blocks emails with the word ‘hack’ in the headline. On the fourth attempt it finally went through.

“Obviously somehow, through Uber, my credit card details have fallen into the wrong hands,” I quipped. “I would be very interested to know how this came to be.” I had them shaken.  

With the law of the land on my side, and with suggestions from a boss with smarter ideas than mine which didn’t involve sitting back until it went away, I called the bank.

Cancelling a card has a refreshing feeling to it when you’ve been hacked, cancelling your third card because you never learn your lesson is slightly less refreshing. The bank informed me that this money stealing had been coming out of my account since December 2017. With over $700 missing from my account since then and none through a reputable Uber account.

As I wait for Uber to “come to the party” as my bank assistant so adequately put it, I can’t help but muse over our undying loyalty to convenience. We will keep our credit card details in any app, as long as it makes checkout processes faster. The option to cut the time of reaching into our wallets, and entering something manually, is seen as a big drawcard (pun intended), customers are so easily swayed by making things easy, they forgo possible risks.

Keeping your details saved anywhere is risky, and big corporations that are known for having these details saved are huge targets for hackers. And although these big corporations try their best to keep customer data safe, it often falls into the wrong hands.

Just ask the 57 million Uber users that are most likely dealing with the same issue. I may be a bit more careful in the future, but unfortunately, if large companies are not careful and honest with data, there isn’t a lot we can do about it. People will continue to use the platform, maybe with some trepidation, but there would have to be a larger more detrimental risk to get consumers to change their behaviour.

As these trips are not recorded on my app I would find it hard to believe the Uber app itself is taking the money, more likely someone masking as the company. Yet the Uber code texts and being locked out of my account show that in the 2016 breach of mobile numbers and emails, I was most likely included.

In the meantime I will wait for Uber to reply, but if there is anything more difficult than getting a contact for a faceless corporation, it’s getting money from it. 

Updated: 17/05/2018 - 11:30

A representative from Uber's PR team has requested we rectify information regarding this article. 

"Uber has seen no evidence of fraud or misuse tied to the 2016 incident. Uber’s outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers or dates of birth were downloaded in the breach. Uber is monitoring the affected accounts and have flagged them for additional fraud protection.

"It is an unfortunate reality that all online accounts, whether email, banking, or Uber can be the target of phishing attacks that aim to steal a user’s personal information, such as passwords.

There are multiple reasons why unauthorised activity may occur -  including whether the user is maintaining good habits in safeguarding personal information security, whether the device has been compromised, or even issues with the financial institution and its products. Fraudsters may also try to use credit card numbers stolen from other services to request Uber trips.

To reiterate, in relation to the 2016 data breach, Uber has seen no evidence of fraud or misuse tied to the incident and no credit card information was downloaded.

On reaching Uber support, Uber uses in-app help as it is the most efficient way to provide partner and customer support at scale."

I have yet to hear from Uber's support team in regards to the breach.

This is a community discussion forum. Comment is free but please respect our rules:

  1. Don’t be abusive or use sweary type words
  2. Don’t break the law: libel, slander and defamatory comments are forbidden
  3. Don’t resort to name-calling, mean-spiritedness, or slagging off
  4. Don’t pretend to be someone else.

If we find you doing these things, your comments will be edited without recourse and you may be asked to go away and reconsider your actions.
We respect the right to free speech and anonymous comments. Don’t abuse the privilege.

 
Sponsored Content

Wages: Don’t get caught sleeping in

The media reports of years of unpaid time for attending team meetings and opening or closing up stores in the retail sector highlights the action ...

 
 
Sponsored content

Batched Espresso: Premium products for the casual

Batched Espresso Martini is the latest product hitting liquor shelves. The pre-mixed cocktail goes far beyond traditional ready-to-drink beverages and introduces a new, premium way, ...

 
 
 
topics
Town centres
A positive retail environment over the past 12 ...
Amazon Arrival
Keeping up with all things Amazon as it ...
The Retail Yearbook 2017
As we battle our way through the busiest ...
Hospitality enhancing retail
Some think food and integrated hospitality offerings will ...
The future is bright
We spoke with four retailers in their twenties ...
Spotlight on signage
At first glance, the humble in-store sign might ...
How to open a store
Sarah Dunn considers what it would take to ...
Red Awards 2016
The Red Awards for retail interior design celebrate ...
Auckland Unitary Plan
Auckland is changing. The Unitary Plan will decide ...
Retail in heartland New Zealand
Retailers keep the regions pumping, but how strong ...
All things to all people
Kiwi retailers share their omnichannel strategies.
Rising stars
Retail's top young achievers.
Delivering on your promises
The sale isn't over until your item is ...
Sisterhood
Women in retail help one another. We spoke ...
The changing face of retail
Shifting demographics are creating big changes in New ...
The retail yearbook
With the help of experts in the retail ...
Retail rogues
We put the spotlight on staff training. Jai ...
Here come the giants
Topshop has arrived in Auckland’s CBD, David Jones ...
Loyalty in the digital age
How are retailers maintaining loyalty? Sarah Dunn, Elly ...
Window shopping: A spotlight on social media
Sarah Dunn and Elly Strang look at how ...
From retail to e-tail
Ecommerce has become part of the way mainstream ...
The Innovators | In partnership with Spark Business
Technology is rapidly changing the retail industry as ...
 

First Aid Pod aims to give privacy to those in need

  • News
  • June 20, 2018
  • Elly Strang
First Aid Pod aims to give privacy to those in need

If you’ve ever been involved in an emergency in a public space, you’ll know that privacy is often desired for both the person under duress and the first aid responder trying to help. Three Dunedin retail workers had seen it happen all too often, so they’ve created the First Aid Pod – a pop-up tent that provides shelter and all the medical gear necessary to deal with such a situation.

Read more
 
 
 
 
Next page
Results for
Topics
Jobs
About us.

The Register provides essential industry news and intelligence, updated daily. And the digital newsletter delivers the latest news to your inbox twice a week — for free!

©2009–2015 Tangible Media. All rights reserved.
Use of this site constitutes acceptance of our Privacy policy.

Advertise
The Register

editor@theregister.co.nz

Content marketing/advertising? Email anita@tangiblemedia.co.nz or call 022 639 3004

View Media Kit

}