Cybercriminals don't care that much about your credit card number anymore.
Uber, PayPal and even Netflix accounts have become much more valuable to criminals, as evidenced by the price these stolen identifiers now fetched on the so-called "deep Web," according to security company Trend Micro.
Stolen Uber account information on underground marketplaces sells for an average of $3.78 per account, while personally identifiable information (PII) was listed for $1 to $3.30 on average, oddly down from $4 per record in 2014, according to data compiled by Trend Micro for CNBC last year. (PII includes any information that can be used to commit identity fraud, like Social Security numbers or date of birth and varies in price depending on the specific information for sale.)
So how could a criminal use a stolen Uber account? Those credentials can either be used to build a fuller picture of a victim for identity theft, or they can be used to charge phantom rides, experts said. A phantom ride is when a criminal sets up a fake driver account, and charges nonexistent rides to stolen accounts.
They also found the following accounts for sale at these average prices per account; PayPal — with a guaranteed $500 balance — ($6.43), Facebook ($3.02), Google Voice (97 cents) and Netflix (76 cents). By contrast, U.S. issued credit card credentials, sold in bundles, were listed for no more than 22 cents each.
A quick search for tweets with the hashtag #uberaccounthacked reveals a number of complaints related to "ghost rides," in which users claim their Uber accounts have been charged for rides they did not take. These are often in far flung locations across the globe.
Tech companies are aware of the threat, and many (including Uber) employ teams to monitor accounts for strange activity, alerting users when accounts may have been compromised. They also encourage users to adopt additional security measures and use different passwords for different accounts.
Having said that, we thought we would share with you a little trick we often use to create a secure (AND easy to remember) password.
Think your staff could use a tool to help them manage their passwords? Check out this article we wrote about some of the options available for you.