May 25, 2015 · 1 minute

Authorities inside the United States are investigating reports that Uber has charged British consumers for rides which they claim to have never taken.

The Guardian reports that one Uber customer was charged $260 for a ride in California that, because of the time difference, took place in the dead of night. Others have simply claimed that their Uber accounts have been compromised.

A spokesperson for Uber told the Guardian that fraudulent charges will be refunded, and, after reiterating that it hasn't found evidence of a breach, has advised its customers to use a unique password for its mobile application.

Motherboard was the first to report that Uber account credentials were available on the dark Web. Sellers have claimed to have details about "thousands" of customers, and many accounts can be bought for just $1.

This is from the original report about Uber accounts being compromised:

Motherboard received a sample of names and passwords available and verified that at least some of the accounts were active by contacting those users. The data includes names, usernames, passwords, partial credit card data, and telephone numbers for Uber customers.
Uber isn't the only company dealing with fraudulent purchases made via its mobile application. Starbucks came under fire almost two weeks ago because hackers were using its app to siphon funds from consumers' bank accounts.

In that case, it seemed like the accounts were compromised simply because their owners used the same email-password combinations for various sites. A data breach might have revealed those combinations and compromised them.

It seems unlikely that information about usernames and partial credit card data for various Uber customers would've been collected in the same way. Yet Uber has said time and again that it hasn't found any evidence of a data breach.

Of course, not finding evidence isn't the same thing as there being no evidence to find. Perhaps the government will be able to find something Uber hasn't.

[illustration by Halile Bateman]