Man Uber accounts late into the night and even stolen brush 4, across most of China's high-step, Uber, fraudulent-IT information

Linked across both 4 hours in Guangzhou, Shanghai, Shenzhen

Were cases of fraudulent non-officials remind you of your password should not be too simple

Members often use the friends network software by taxi to note, your account is likely to be fraudulent, bound Alipay money or bank card is missing! A few days ago, Guangzhou public encounter such trouble, your account-free for six months, was suddenly stolen brush 4 times in a row. Reporters found that experience is not the case, take a taxi software is fraudulent incidents occurred recently, and even the illegal use of software "loopholes" created an "underground" business.

Strange

Half-useless steps, late at night were fraudulent four times in a row

Mr Fu told reporters that starting from June 30 11:16, 1:59 A.M. until the next day, he received four text messages from PayPal, notify its success through taxi chain, amounts to 176.35. But at the time, pay the man at his home in Guangzhou, and six months did not use a taxi. "At first thought it was PayPal advertising, you don't care who knows money detained walked four times in a row, I thought my account was stolen! ”

Quickly open the App on the phone and found that there is no taxi records four times. Because there is no customer service phone, paid only by step mailbox reflects the problem of stolen brush, request details identify theft and return of property loss. PayPal customer service phone also reflect the situation. In order to avoid further losses, Mr Fu presided over the transfer to PayPal for the full amount on your bank card.

The morning of July 1, received four refund from PayPal. Meanwhile, excellent step by mail payment to the four "fraudulent" took a taxi journey, to his surprise, there was, take a taxi, Panyu, Guangzhou, Shanghai and Shenzhen. So who is using your account to play out of the car, also go unnoticed and deducted money from PayPal? Consider very quickly solutions tied to PayPal, and delete the accounts, after "can't".

Surprise

Stolen brushes is not the case, gave birth to "taxi" service

Experience is not the case. Press search on the Internet found that said many users have the same experience, doubt and is platform-dependent. Reporter also search found, in this year March, one white hat hacker "soil master" in clouds online announced has excellent step of vulnerability, think its "client interface design improper can led to hit library attack", that is, hacker can with traverse phone, (Note: with digital poor lift put all of possibilities are attempts to a again) of way to guess weak password exists of possibilities, also can according to Internet has leaked of user information for "hit library".

The other hand, the same account can be online at the same time on multiple devices, and there is no remote login prompts, plus excellent step by "micro-free passwords to pay" chargebacks, stolen painted one is not too difficult to do.

Xinhua also learned, criminals and even use this "loophole", forming a dark industry chain--a taxi business, take a taxi the cost will be "affordable", but the extra expense is paid so the fraudulent user to pay.

How to prevent accounts from being "fraudulent"? Some people suggested, can set the cancellation step in PayPal's "secret payments" feature, but the actual operation is found to be invalid, because of the abolition of the function removes the Alipay binding, if you bind again PayPal, automatically opened from secret payments .

Countermeasures

Itself to improve password strength occurs after the fraudulent customer service

Recently, China step for pay encounter "fraudulent" in response to the problems, said the network security team has started investigating the matter and will take strict security precautions, continued consolidation of platforms through technical upgrades to safety.

In addition, China says, investigate a account being stolen by others, usually with the same characteristics: multiple Internet platforms use the same account name and password, and the password is relatively simple. It is recommended that users take the initiative to improve password strength, does not use the simple or duplicate passwords with other platforms, strengthening the awareness of self protection.

Account has been stolen how can I contact customer service? China responded that once the user account is stolen, can send an email to a special address account issues email: support-CN-AC@uber.com will help users track down stolen accounts in the shortest time, compensation for losses caused by other vehicles, and ensure that users do not have any economic loss.

男子Uber账号深夜连被盗刷4笔，地跨大半中国 - 优步,Uber,盗刷 - IT资讯

数小时连扣4笔费用地跨广州上海深圳

被盗刷现象非个案，官方提醒密码不能太简单

各位经常使用网络打车软件的朋友要注意了，你的账号很可能会被盗刷，绑定的支付宝或银行卡的钱会不翼而飞！日前，广州市民付先生就遇到这样的烦心事，自己半年没用过的优步账号，突然被连续盗刷4次。记者调查发现，付先生的遭遇并非个案，打车软件被盗刷事件近来时有发生，甚至有不法分子利用软件“漏洞”催生出一条“地下”代打业务。

蹊跷

半年没用的优步，深夜遭连续盗刷四次

付先生告诉记者，从6月30日晚上11时16分开始，一直到翌日凌晨1时59分，他陆续收到支付宝发来的四条短信，通知其通过优步打车扣款成功，共计176.35元。但当时，付先生人在广州家中，并且半年没有用过优步打车了。“刚开始以为是支付宝发的广告，就没在意，谁知道钱连续四次被扣走，我想一定是我的优步账号被盗了！”

付先生赶紧打开手机上的优步App，发现并无这四次的打车记录。由于优步没有客服电话，付先生只能通过优步的邮箱反映了被盗刷的问题，要求查明盗用详情，并退回财产损失。同时还打了支付宝客服电话反映情况。为了避免进一步损失，付先生连夜将支付宝的全部金额都转出到银行卡上。

7月1日上午，付先生陆续收到了支付宝发来的四笔退款。同时，优步也通过邮件给付先生发来了四次“盗刷”打车的行程，令他惊讶的是，打车地点有广州番禺、上海以及深圳。那么是谁用自己的账号打了车，还神不知鬼不觉地扣了支付宝里的钱呢？细思恐极的付先生赶紧解绑了支付宝，并且删除了优步账号，“以后都不敢用了”。

惊讶

被盗刷并非个案，催生“代打车”业务

其实付先生的遭遇并非个案。记者在网上搜索发现，不少网友称有同样的经历，怀疑和平台有关。记者也搜索发现，在今年3月，一名白帽子黑客“土夫子”在乌云网上公布了优步的漏洞，认为其“客户端接口设计不当可导致撞库攻击”，也就是说，黑客可以用遍历手机号（注：用数字穷举把所有的可能性都尝试一遍）的方式来猜测弱密码存在的可能性，也可以根据互联网已经泄露的用户信息进行“撞库”。

另一方面，同一个优步账号可以在多台设备上同时在线，而且没有异地登录的提示，再加上优步采用了“小额免密码支付”的扣款方式，使得被盗刷成了一件并不太难的事。

记者还了解到，有不法分子甚至利用这一“漏洞”，形成了一条黑色产业链——代打车业务，打车费用会很“实惠”，但其实多出的费用正是付先生这样被盗刷的用户给支付了。

如何预防账户被“盗刷”呢？有网友建议，可以在支付宝的设置中取消优步的“免密支付”功能，但记者实际操作时发现无效，因为取消该功能其实是解除了支付宝绑定，如果再次绑定支付宝，则自动提示已开启免密支付。

对策

自身提高密码强度，发生盗刷后找客服

日前，中国优步对于付先生遇到的“盗刷”问题进行了回应，称优步的网络安全团队已经着手调查此事，并将采取严格的安全防范措施，持续通过技术升级来巩固平台的安全。

此外，中国优步表示，调查发生被他人盗号现象的账号通常具有同一特征：在多个互联网平台使用同一个账名和密码，且密码较为简单。因此建议用户主动提高密码强度，不使用简单或者与其他平台重复的密码，加强自我保护意识。

账户被盗后如何联系客服呢？中国优步回应称，一旦用户发现账户被盗，可以立即发送邮件至专门处理各种账户问题的客服邮箱：support-cn-ac@uber.com，会在最短时间内帮助用户找回被盗账户，赔偿非本人用车所造成的损失，确保优步用户不会有任何经济损失。