Uber passwords and partial credit card info are showing up for sale on the darkweb. This passwords ahve been confirmed to be valid.
According to the listing (Tor, AlphaMarket login required), he or she has sold 131 such logins since March 18.
Ars attempted to contact the two vendors but they did not immediately respond.
In an interview with Motherboard, one vendor claimed to have “thousands” for sale, and even provided a sample of them. As the site reported Friday:
Motherboard reached out to one of the users whose email address and password was put up for sale: James Allan, sales director for OISG, a technology solutions company.
Allan confirmed that the username and password Motherboard had seen were correct, as well as the expiry date on his personal credit card. He doesn’t actually use Uber anymore, and the last trip he booked was in December 2013.
“Bloody hell,” Allan said over the phone, when he was told what his password was.
He was “extremely surprised” by the revelation, he said. Allan also said that he doesn’t use the internet much for financial transactions, preferring cash “for this very reason.”
In a statement e-mailed to Ars on Saturday morning, Uber spokeswoman Trina Smith said that the company did not find evidence of a breach.