A wild ride: Losing brand loyalty and $800 (Updated)

  • Opinion
  • May 17, 2018
  • Courtney Devereux
A wild ride: Losing brand loyalty and $800 (Updated)

I wrote a stunt journalism piece on how easy it is to be hacked in Idealog last year. In an ironic twist of events, I recently discovered I have actually been hacked, except this time through my Uber account to the tune of $800. Take a ride and see the problem with entrusting your confidential details to big, faceless corporations.

Society's undying love for convenience has led us to save our credit card details to almost any platform – as long as it cuts off those precious eight seconds spent reaching into our wallet to pull out the card itself.

But this yearning for ease has made us vulnerable, even from those we trust the most.

I may be overly dramatic suggesting that my Uber account getting breached is the downfall of society, but it has resulted in a loss of trust, and a loss of access to Uber Eats. Technology is freaky, we rely so heavily on it that as soon as it doesn’t work or something goes wrong, we don’t know how to operate. We as a society have adapted so quickly to the benefits of technology, but struggle to adapt back to how we were before as soon as they are compromised.

In my ever-present life of more breaches than I would care to admit, you would think I would be more careful with technology.

And I am: I have password protectors, anti-virus programmes, and a small sticker over my webcam (some real top of the line protection). 

But when a company loses our data there isn’t anything you can do, unless you cancel your credit card, change your email, last name and move to a new house. Some of which may be a little bit of an overreaction when most ‘free’ apps gain capital by selling your data to third party sites anyway. 

Recently in the news, Facebook came under fire for losing over 50 million users' data. In 2014, Yahoo lost three billion user accounts which included names, emails, and phone numbers. In late 2016, Uber lost the personal information of 57 million users, including names, phone numbers and emails.

The bad part about that last hack was that Uber didn’t make the breach public until 2017, a year later. What’s worse, they paid the hackers USD$100,000 to destroy the data with no way to verify that they did, claiming it was a “bug bounty” fee. Uber fired its CSO because of the breach, effectively placing the blame on him. 

Information on the data breach available on the app states “the security incident that resulted in the breach of information included names, email address and mobile phone numbers.”

  • For more on how this scam works, check out the Reply All podcasts here and here. 

One of the bank transactions 

For the past two months, every Monday around lunchtime, an account presenting as Uber has been taking lump sums out of my account, ranging from about $7 to $50. Now, obviously these trips are not mine, seeing as the only time I use Uber is usually coming home from the clubs on Saturday night. And although I may not be in the clearest frame of mind on those trips, I still know if I’m inside a moving Toyota Prius or not.

The codes vary on my bank account, usually along the lines of Uber BV* or Uber Trip*, on the same day, around the same time.

Now if you’re wondering why it has taken me months to notice this, it is because I live in my overdraft and avoid looking at my bank account as much as possible. But this is not the time to be giving me financial advice.

What finally got my attention was the 40 texts from Uber in 24 hours, supplying me with an Uber Code, one which is usually used when needed to access an account you forgot a password for. I took these signs to bite the bullet and check my account and going back to February this year, an account masking as Uber had been taking money out of my account almost every week, with the total far above $300.

I quickly deactivated my account (not that that would stop my credit details from being out there in the wild). Almost akin to picking up something unsanitary, you think dropping it is going to solve the problem, but the germs are still on your hands to deal with. And these germs still had my card details.

I tried to log back into my account instantly, as I thought it would help to form the dispute against the company, but as soon as I tried to log in, it denied my access, stating that I had tried too many times to log in unsuccessfully.

Uber recommends finding a ‘help’ section within its app, which would have been handy to know before I went and locked myself out of it.

My first thought was to email Uber, but finding Uber's support account was about as easy as finding the Da Vinci Code, and even then, the email didn’t work – off to a great start.

Luckily for me, working in media means usually someone around you can supply a contact with almost anyone, Uber included.

Armed with an email from a colleague, I sent my strongly worded masterpiece off to the behemoth. It bounced back three times, until I realised Outlook blocks emails with the word ‘hack’ in the headline. On the fourth attempt it finally went through.

“Obviously somehow, through Uber, my credit card details have fallen into the wrong hands,” I quipped. “I would be very interested to know how this came to be.” I had them shaken.  

With the law of the land on my side, and with suggestions from a boss with smarter ideas than mine which didn’t involve sitting back until it went away, I called the bank.

Cancelling a card has a refreshing feeling to it when you’ve been hacked, cancelling your third card because you never learn your lesson is slightly less refreshing. The bank informed me that this money stealing had been coming out of my account since December 2017. With over $700 missing from my account since then and none through a reputable Uber account.

As I wait for Uber to “come to the party” as my bank assistant so adequately put it, I can’t help but muse over our undying loyalty to convenience. We will keep our credit card details in any app, as long as it makes checkout processes faster. The option to cut the time of reaching into our wallets, and entering something manually, is seen as a big drawcard (pun intended), customers are so easily swayed by making things easy, they forgo possible risks.

Keeping your details saved anywhere is risky, and big corporations that are known for having these details saved are huge targets for hackers. And although these big corporations try their best to keep customer data safe, it often falls into the wrong hands.

Just ask the 57 million Uber users that are most likely dealing with the same issue. I may be a bit more careful in the future, but unfortunately, if large companies are not careful and honest with data, there isn’t a lot we can do about it. People will continue to use the platform, maybe with some trepidation, but there would have to be a larger more detrimental risk to get consumers to change their behaviour.

As these trips are not recorded on my app I would find it hard to believe the Uber app itself is taking the money, more likely someone masking as the company. Yet the Uber code texts and being locked out of my account show that in the 2016 breach of mobile numbers and emails, I was most likely included.

In the meantime I will wait for Uber to reply, but if there is anything more difficult than getting a contact for a faceless corporation, it’s getting money from it. 

Updated: 17/05/2018 - 11:30

A representative from Uber's PR team has requested we rectify information regarding this article. 

"Uber has seen no evidence of fraud or misuse tied to the 2016 incident. Uber’s outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers or dates of birth were downloaded in the breach. Uber is monitoring the affected accounts and have flagged them for additional fraud protection.

"It is an unfortunate reality that all online accounts, whether email, banking, or Uber can be the target of phishing attacks that aim to steal a user’s personal information, such as passwords.

There are multiple reasons why unauthorised activity may occur -  including whether the user is maintaining good habits in safeguarding personal information security, whether the device has been compromised, or even issues with the financial institution and its products. Fraudsters may also try to use credit card numbers stolen from other services to request Uber trips.

To reiterate, in relation to the 2016 data breach, Uber has seen no evidence of fraud or misuse tied to the incident and no credit card information was downloaded.

On reaching Uber support, Uber uses in-app help as it is the most efficient way to provide partner and customer support at scale."

I have yet to hear from Uber's support team in regards to the breach.

​ ​

This is a community discussion forum. Comment is free but please respect our rules:

  1. Don’t be abusive or use sweary type words
  2. Don’t break the law: libel, slander and defamatory comments are forbidden
  3. Don’t resort to name-calling, mean-spiritedness, or slagging off
  4. Don’t pretend to be someone else.

If we find you doing these things, your comments will be edited without recourse and you may be asked to go away and reconsider your actions.
We respect the right to free speech and anonymous comments. Don’t abuse the privilege.


Trelise Cooper introduces The Shielded Site in support against domestic violence

  • News
  • December 13, 2018
  • Courtney Devereux
Trelise Cooper introduces The Shielded Site in support against domestic violence

Trelise Cooper has shown its support towards the Women’s Refuge initiative by including The Shielded Site, a protected portal which helps victims of family violence speak out undetected.

Read more

Look out, Jeff Bezos

  • News
  • December 11, 2018
  • Sarah Dunn
Look out, Jeff Bezos

The NZ Retail team has, for most of 2018, been coming up with terrible start-up ideas for fun. Here's a few of our not-so-greatest hits.

Read more

Fast food chain Taco Bell to launch in New Zealand

  • News
  • December 11, 2018
  • Radio New Zealand
Fast food chain Taco Bell to launch in New Zealand

One of the world's popular fast food chains is finally coming to New Zealand.

Read more

Social scoreboard

Zavy and The Register have worked together to create a scoreboard that compares how the top 25 traditional media advertising spenders in New Zealand have performed on social media over the past 30 days, updated in real time.

Concept to closet
Business coverage of New Zealand Fashion Week.
Town centres
A positive retail environment over the past 12 ...
Amazon Arrival
Keeping up with all things Amazon as it ...
The Retail Yearbook 2017
As we battle our way through the busiest ...
Hospitality enhancing retail
Some think food and integrated hospitality offerings will ...
The future is bright
We spoke with four retailers in their twenties ...
Spotlight on signage
At first glance, the humble in-store sign might ...
Red Awards 2016
The Red Awards for retail interior design celebrate ...
Auckland Unitary Plan
Auckland is changing. The Unitary Plan will decide ...
How to open a store
Sarah Dunn considers what it would take to ...
All things to all people
Kiwi retailers share their omnichannel strategies.
Rising stars
Retail's top young achievers.
Delivering on your promises
The sale isn't over until your item is ...
Retail in heartland New Zealand
Retailers keep the regions pumping, but how strong ...
Women in retail help one another. We spoke ...
The changing face of retail
Shifting demographics are creating big changes in New ...
The retail yearbook
With the help of experts in the retail ...
Retail rogues
We put the spotlight on staff training. Jai ...
Here come the giants
Topshop has arrived in Auckland’s CBD, David Jones ...
Window shopping: A spotlight on social media
Sarah Dunn and Elly Strang look at how ...
From retail to e-tail
Ecommerce has become part of the way mainstream ...
Loyalty in the digital age
How are retailers maintaining loyalty? Sarah Dunn, Elly ...
The Innovators | In partnership with Spark Business
Technology is rapidly changing the retail industry as ...

Fonterra's possible sale of Tip Top: 'They just need the cash'

  • News
  • December 11, 2018
  • Radio New Zealand
Fonterra's possible sale of Tip Top: 'They just need the cash'

A marketing expert has warned the sale of Tip Top could see a repeat of the Dunedin Cadbury factory saga and would not make long-term financial sense.

Read more

Community concepts: The team behind Britomart's new lovechild, Morningside

  • News
  • December 11, 2018
  • Elly Strang
Community concepts: The team behind Britomart's new lovechild, Morningside

You may know Nat Cheshire from Cheshire Architects as the designer behind some of Auckland City’s most character-defining developments, such as City Works Depot and much of Britomart, or as one of our Most Creative winners. As 2018 draws to a close, Cheshire has debuted a new development with his name attached to it called Morningside. But instead of being a masterpiece he’s created for a client, this time around, it’s his and his friends’ own money on the line. Here, he talks taking his vision for Auckland into the suburbs, tapping into the culture of Kingsland and where he’s casting his eye to develop next.

Read more
Sponsored content

eStar CTO, Matt Neale talks fighting fraud this shopping season

With the continuing growth in online shopping a less glamorous side of this trend is the increase in online fraud. As we head into the ...

Next page
Results for
About us.

The Register provides essential industry news and intelligence, updated daily. And the digital newsletter delivers the latest news to your inbox twice a week — for free!

©2009–2015 Tangible Media. All rights reserved.
Use of this site constitutes acceptance of our Privacy policy.

The Register

Content marketing/advertising? Email or call 022 639 3004

View Media Kit