Uber sends hacking victim new password in plain text email
Hacked Uber user highlights taxi firm's security response issues
Uber's security policy has come under scrutiny after another user had her account hacked.
The taxi app company reportedly took more than 24 hours to respond to the New York-based user, who found calls and charges from the UK had appeared on their account, according to Motherboard.
Hackers have targeted Uber accounts before, but the latest incident not only resulted in a delay, but with Uber sending the victim her new password in a plain text email.
When Uber eventually responded to complaints about the incident, it was with an email informing the user that they had changed their password, writing it in a plaintext email.
This is a well-known security misstep, lacking the basic encryption preventing hackers from finding the password in such an email.
George Rosamond, a system administrator specialising in privacy and security, told Motherboard: "These companies act like innovators, but in reality they really are reusing old infrastructures and practices. A little time and energy spent approaching the old security questions could go a long way."
Whether this was the fault of one Uber employee or something indicative of Uber's general security policies is currently unclear, but the experience did lead the user in question to request Uber delete their account and all information associated with it.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The news comes a week after Uber reportedly put together a $3 billion bid for Nokia's mapping service, known as Here.
Uber currently relies on Google Maps, but wants to own its own technology as Google works on developing driverless cars.
While Google Maps is by far the most popular mapping tool, Nokia's Here dominates the automobile space.
Caroline has been writing about technology for more than a decade, switching between consumer smart home news and reviews and in-depth B2B industry coverage. In addition to her work for IT Pro and Cloud Pro, she has contributed to a number of titles including Expert Reviews, TechRadar, The Week and many more. She is currently the smart home editor across Future Publishing's homes titles.
You can get in touch with Caroline via email at caroline.preece@futurenet.com.