Right after Uber confirmed its massive data breach last year, in which about 57 million user accounts were compromised, cybercriminals started targeting unsuspecting potential users of the Uber ride-hailing app with a new phishing scam to steal users' passwords.
Hackers are now exploiting the breach for social engineering and have begun sending potential Uber users phishing emails. The emails are crafted to trick users into giving up their account passwords. Some people have taken to Twitter to report having received emails that purport to come from Uber and ask them to change their passwords.
“These emails aren’t from Uber,” company spokesperson Melanie Ensign told The Daily Beast. “We have multi-factor on by default for riders & drivers, but as always, you see anything suspicious on your account, you can contact us via the help center in the app or help.uber.com.”
A screenshot of the phishing email was tweeted by IT trainer and consultant Dale Meredith.
The phishing email contains the following message:
“Our deepest apologies. You may have heard that Uber was compromised last year. We are sorry to inform you that your information was, unfortunately, confirmed to be part of the breach. Please click below to confirm you’ve received this message and change your password,”
But Meredith clarified in another tweet that the screenshot of this email is actually from KnowBe4, an anti-phishing service that created the Uber-themed email to caution people about the scam. Several people, however, tweeted that they had received Uber phishing emails, indicating that hackers are using the breach to scam users.