IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Uber sends hacking victim new password in plain text email

Hacked Uber user highlights taxi firm's security response issues

Black taxi cab sign

Uber's security policy has come under scrutiny after another user had her account hacked.

The taxi app company reportedly took more than 24 hours to respond to the New York-based user, who found calls and charges from the UK had appeared on their account, according to Motherboard.

Hackers have targeted Uber accounts before, but the latest incident not only resulted in a delay, but with Uber sending the victim her new password in a plain text email.

When Uber eventually responded to complaints about the incident, it was with an email informing the user that they had changed their password, writing it in a plaintext email.

This is a well-known security misstep, lacking the basic encryption preventing hackers from finding the password in such an email.

George Rosamond, a system administrator specialising in privacy and security, told Motherboard: "These companies act like innovators, but in reality they really are reusing old infrastructures and practices. A little time and energy spent approaching the old security questions could go a long way."

Whether this was the fault of one Uber employee or something indicative of Uber's general security policies is currently unclear, but the experience did lead the user in question to request Uber delete their account and all information associated with it.

The news comes a week after Uber reportedly put together a $3 billion bid for Nokia's mapping service, known as Here.

Uber currently relies on Google Maps, but wants to own its own technology as Google works on developing driverless cars.

While Google Maps is by far the most popular mapping tool, Nokia's Here dominates the automobile space.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Uber secures 30-month licence to operate in London
Policy & legislation

Uber secures 30-month licence to operate in London

28 Mar 2022
Hackers use Linux backdoor on compromised e-commerce sites with software skimmer
malware

Hackers use Linux backdoor on compromised e-commerce sites with software skimmer

19 Nov 2021
Iranian hackers ramp up attacks against IT services sector
hacking

Iranian hackers ramp up attacks against IT services sector

19 Nov 2021
TikTok phishing campaign tried to scam over 125 influencer accounts
social media

TikTok phishing campaign tried to scam over 125 influencer accounts

18 Nov 2021

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022