Hacked Uber accounts are being traded on internet black markets and fetching a higher price than stolen credit card details as cybercriminals turn their attention on charging phantom rides to unsuspecting users.
The deep web has seen personal information, banking accounts and, more recently, Netflix and PayPal logins being sold by cybercriminals for a mere pittance. Now, the hottest property in illegal trading on the murkier parts of the web is the account details of Uber users, which can be picked up for just $4 (£2.80). While this is less than the cost of a sandwich it's still far more expensive than stolen credit card details and it has quadrupled its price in just under a year.
Security firm Trend Micro compiled research on the price tags for stolen information being traded on the dark web with the noticeable rise in price for Uber details. They also found the average price for a PayPal account (with $500 in balance) was $6.43 (£4.54), while Facebook logins were listed at $3.02 (£2.13) and a Netflix account for just 76 cents (53p). Remarkably, the details of peoples' credit cards cost less your average piece of fruit with cards being sold at around 22 cents each.
What is the Deep Web?
This part of the internet is not accessible without a known address or access details. Standard browsers can access deep websites. Typically not indexed by search engines such as Google. It's not to be confused with the Dark Web, which requires a special browser to access.
The reason why credit card details are so cheap is due to banks upping the sophistication of their security and fraud systems, which is leaving stolen cards useless in the wrong hands.
"It's an incredible underground ecosystem. There is a high level of competition for these criminal buyers and there are a lot of different types of forums. It's incredibly diverse, but incredibly mature," Ed Cabrera, Trend Micro's vice president of cybersecurity strategy told CNBC.
Uber users being charged for 'ghost rides'
The hot commodity of a stolen Uber account has led to the rise in ghost rides being reported by users of the taxi app where cybercriminals around the world are charging journeys to unsuspecting victims.
Some hacked Uber users have taken to Twitter to reveal how they were charged for trips in other continents with one victim showing how he was charged for a four and a half hour taxi ride in South Africa despite not living in the country.
The price for a hacked Uber account did drop in 2015 after the company introduced multi-factor authentication but this has not been rolled out to all markets, and where it is not required the use of a stolen account can be freely used.
This revelation serves as a reminder for large corporations to work harder at tightening security as well as encouraging users being more vigilant with their passwords and login details. The likes of Uber, Facebook and Netflix are all working on new ways to protect accounts and will, in most cases, offer two-step authentication to access its services or monitor accounts and alert users to any unusual activity.