Motherboard reached, James Allan, sales director for OISG, a technology solutions company, whose emails and deails were on sale. Allan confirmed that the username and password Motherboard had seen were correct, as well as the expiry date on his personal credit card. He doesn’t actually use Uber anymore, and the last trip he booked was in December 2013.ArsTechnica had reported the issue to Uber, but Uber spokesperson Trina Smith said that the company did not find evidence of a breach.
"Bloody hell," Allan said over the phone, when he was told what his password was.
He was "extremely surprised" by the revelation, he said. Allan also said that he doesn’t use the internet much for financial transactions, preferring cash "for this very reason."
Smith said "Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report," “This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services.”
Earlier in February Uber announced a data breach that resulted in unauthorized access to the driver partner license numbers of roughly 50,000 of its drivers. May the login credentials were also stolen on this breached. But at this time it is unclear that where the data came from and how many users were impacted.