About that time my Uber account was 'hacked' and someone kept requesting rides in Florida and I had to cancel them as fast as they made them.
I emailed Uber support and they got back to my 3 days later.
Then someone proceeded to try to gain access to every account I had with that email and password (yeah, yeah, I know). The next worse was someone getting into my DigitalOcean account and launching an instance.
It has finally settled down, I occasionally get alerts from people trying to break into something but lots of 2FA and no shared passwords anymore.
I am not sure if this was Uber's fault or another site's but the timeframe of Oct 2016 lines up.
In the disclosure it says that the attack included names, email addresses and phone numbers. It did not contain any passwords or social security numbers, so your passwords must have been compromised in some other way.
It's not related to this particular breach, but given this and Uber's other issues, it's not out of the realm of possibility that at some point they had a more serious breach involving loss of password hashes or interception of credentials at login.
(But in all likelihood the poster's account was just compromised through the usual means, otherwise there would be more reports of hacked accounts.)
The article states that this disclosure came out of an board commissioned investigation into the activities of Sullivan’s security team. Do you think that other more serious breaches discovered by this investigation is hidden, or is this more of a general sentiment around how you perceive Uber?
About that time my Uber account was 'hacked' and someone kept requesting rides in Florida and I had to cancel them as fast as they made them.
I emailed Uber support and they got back to my 3 days later.
Then someone proceeded to try to gain access to every account I had with that email and password (yeah, yeah, I know). The next worse was someone getting into my DigitalOcean account and launching an instance.
It has finally settled down, I occasionally get alerts from people trying to break into something but lots of 2FA and no shared passwords anymore.
I am not sure if this was Uber's fault or another site's but the timeframe of Oct 2016 lines up.