Uber's security policy has come under scrutiny after another user had her account hacked.
The taxi app company reportedly took more than 24 hours to respond to the New York-based user, who found calls and charges from the UK had appeared on their account, according to Motherboard.
Hackers have targeted Uber accounts before, but the latest incident not only resulted in a delay, but with Uber sending the victim her new password in a plain text email.
When Uber eventually responded to complaints about the incident, it was with an email informing the user that they had changed their password, writing it in a plaintext email.
This is a well-known security misstep, lacking the basic encryption preventing hackers from finding the password in such an email.
George Rosamond, a system administrator specialising in privacy and security, told Motherboard: "These companies act like innovators, but in reality they really are reusing old infrastructures and practices. A little time and energy spent approaching the old security questions could go a long way."
Whether this was the fault of one Uber employee or something indicative of Uber's general security policies is currently unclear, but the experience did lead the user in question to request Uber delete their account and all information associated with it.
The news comes a week after Uber reportedly put together a $3 billion bid for Nokia's mapping service, known as Here.
Uber currently relies on Google Maps, but wants to own its own technology as Google works on developing driverless cars.
While Google Maps is by far the most popular mapping tool, Nokia's Here dominates the automobile space.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
Uber hit with €290m fine for storing European driver data in the USNews The fine marks the latest imposed on Uber by the Dutch data protection authority
-
Uber says compromised third-party to blame for data breachNews Vulnerable third-party vendor Teqtivity sparks second major incident for Uber in the space of three months
-
Uber launches infosec hiring spree after attributing breach to LAPSUS$News The company also hinted at the belief that LAPSUS$ was also behind the attack on Rockstar Games over the weekend in a revealing update detailing the inner workings of the attack
-
Uber hacked via basic smishing attackNews The self-taught hacker impersonated an IT worker to gain an Uber employee's password, obtaining broad access to internal systems and posting taunting messages
-
Former Uber security chief to face fraud charges over hack coverup
News This is thought to be the first instance of a corporate information security officer criminally charged with concealing a hack
-
Former Uber CSO charged for data breach cover-upNews Joseph Sullivan allegedly paid $100,000 to conceal the ride-hailing firm's 2016 data breach
-
Uber CISO: There was no justification for hiding data breachNews Senators slam taxi firm for cover-up of hack affecting 57 million people
-
ICO: Uber data breach raises huge concernsNews The ICO and NCSC will investigate the impact on UK customers
