Uber and Lyft rides I didn't request?
June 16, 2019 8:28 PM

Couple weeks ago a Lyft driver showed up at my house looking for me, saying I requested a ride to a place about 20 miles away I'd never been to. I deleted Lyft and wrote off the $5 cancel they charged to my Venmo. Just now I picked up my phone randomly to see the Uber app open. Kareem is on the way to take me to a place less than a mile away. Huh?

I tried to call Kareem in the Uber phone app. No answer. I messaged him in the app to cancel the ride. No reply but suddenly Scott is en route to take me to the same place because "Kareem couldn't complete the trip."

I quickly tried to change my Uber pw & turn on 2FA but the app was acting wonky. It was sending verification codes to my phone but wasn't allowing the process to complete. Nor could I log out.

I restarted (Android) and was then able to complete 2FA and pw change. I updated the app also.

But WTF? First Lyft then Uber?

Interestingly, both rides originated at my actual location at the time, which I'd never called a ride share from.

Also interesting is that tonight's very short fake ride was charged to my Venmo as an $18 ride. I just checked and it's currently a $6 ride, 30 min later.

Have drivers figured out how to get into the rideshare apps? And why? For a $5 cancellation fee?
posted by stupidsexyFlanders to Travel & Transportation (9 answers total) 6 users marked this as a favorite
Response by poster: Here's another thing.

When I was trying but failing to change my pw, do 2FA, etc., some of the SMS verification codes looked like this:
[open carat poundsign close carat] Your Uber code: 8751. Reply STOP to unsubscribe. qlRnn4A1sbt

But some looked like this:
Your Uber code: 9697. Reply STOP to unsubscribe.

The ones with the string at the end all had the same string.
posted by stupidsexyFlanders at 8:34 PM on June 16, 2019

It sounds like you did not have 2FA active on your Uber account, correct? So if someone had your password, they could log in and request a ride, I assume.

It's highly unlikely any driver is breaking into accounts directly, but one plausible scenario is this: 1) You used the same password on some other service that was breached. 2) Some enterprising criminal has collected passwords obtained from data breaches and tested them against Uber accounts. 3) Mr. or Ms. Criminal uses those credentials to provide a handy service for Uber drivers: pay a small fee for someone near you to order a ride, automatically. 4) Kareem had a slow night, so he enlisted Mr./Ms. Criminal's service to get some rides ordered. A cancellation fee is better than $0, anyway. 5) When you tried to contact him, Kareem backed out of the ride, not wanting to draw attention to himself. 6) Scott picked up the ride request, not knowing any better.

That format of Uber 2FA messages (including the string "qlRnn4A1sbt") appears to be common (shows up in many places online), so it's probably legit, though odd.

The Lyft ride could have been ordered in a similar way. Did you happen to use the same password on Uber, Lyft, and at least one other service that may have been breached? You might be able to find yourself in a breach on haveibeenpwned.com.

If you were using strong, unique passwords on each service, then this explanation falls apart, and the whole thing gets more complicated.
posted by whatnotever at 9:33 PM on June 16, 2019 [4 favorites]
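
The two SMS shapes quoted in this thread, parsed side by side as an added example that is not part of any post. It assumes "[open carat poundsign close carat]" stands for `<#>` and that the prefix plus the trailing 11-character token follow the layout Android's SMS Retriever API uses so an app can read its own code; the function names and the third sample message are constructed.

```python
import re

CODE_RE = re.compile(r"\b(\d{4,8})\b")            # the numeric one-time code
HASH_RE = re.compile(r"\s([A-Za-z0-9+/]{11})$")   # trailing 11-character token

def parse_code_sms(text):
    """Split a verification SMS into layout, code and trailing app token."""
    text = text.strip()
    has_prefix = text.startswith("<#>")
    body = text[3:].strip() if has_prefix else text
    app_hash = None
    if has_prefix:
        # Assumption: the trailing token only counts together with the prefix,
        # so "...to unsubscribe" in a plain message is never mistaken for it.
        m = HASH_RE.search(body)
        if m:
            app_hash = m.group(1)
            body = body[:m.start()].rstrip()
    code = CODE_RE.search(body)
    if app_hash:
        layout = "retriever"
    elif has_prefix:
        layout = "prefix-only"
    else:
        layout = "plain"
    return {"layout": layout,
            "code": code.group(1) if code else None,
            "app_hash": app_hash}

def distinct_app_hashes(messages):
    """Tokens seen across messages; more than one value is worth a closer look."""
    parsed = (parse_code_sms(m) for m in messages)
    return sorted({p["app_hash"] for p in parsed if p["app_hash"]})

# The first two messages are the ones quoted in the thread; the third is
# constructed to show what a differing token would look like.
THREAD_SAMPLES = [
    "<#> Your Uber code: 8751. Reply STOP to unsubscribe. qlRnn4A1sbt",
    "Your Uber code: 9697. Reply STOP to unsubscribe.",
]
CONSTRUCTED_SAMPLE = "<#> Your Uber code: 1234. Reply STOP to unsubscribe. AbCdEfGhIjK"

if __name__ == "__main__":
    for msg in THREAD_SAMPLES + [CONSTRUCTED_SAMPLE]:
        print(parse_code_sms(msg))
    print(distinct_app_hashes(THREAD_SAMPLES + [CONSTRUCTED_SAMPLE]))
```

A single repeated token, as the poster observed, is what this layout produces when every message comes from the same app build; the token identifies the receiving app, not the person who triggered the code.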

I agree with whatnotever that a data breach is the more likely scenario. The app may have been acting weird because someone else was trying to use your account at the same time.

I would double check your Lyft and Uber ride history, check all your credit card activity, as well as change the passwords on accounts with shared passwords.
posted by mundo at 9:45 PM on June 16, 2019

I have somehow pocket-ordered Uber rides on at least three occasions. I may or may not be an idiot with messy pockets, but I would rule this out before worrying too much about enterprising criminal drivers stealing cancellation fees. The fact that 2FA was being weird at the same time may be a coincidence.

Just something to consider if it turns out that you aren't involved in a data breach and/or there is no suspicious activity otherwise.
posted by cilantro at 1:52 AM on June 17, 2019

It's likely that you've been hacked. More info in this podcast:
The Russian Passenger
Return of the Russian Passenger
posted by tuesdayschild at 4:27 AM on June 17, 2019 [3 favorites]

Response by poster: Even if my password was hacked, that doesn't explain why the ordered rides started at my current location, or why one of them resulted in an $18 charge for a $6 ride. At least the Lyft ghost-rider booked a ride for me that was a healthy distance away.
posted by stupidsexyFlanders at 6:26 AM on June 17, 2019

Have you disputed that charge with Uber?
posted by soelo at 7:23 AM on June 17, 2019 [1 favorite]

Do you have voice commands ("hey Siri" or "OK Google") activated on your phone? Maybe it's hearing things and interpreting them as "get me a ride" or the like. That would at least explain why it's using your current location.
posted by moonmilk at 7:32 AM on June 17, 2019 [1 favorite]

I had the same thought - do you (or does someone at your home) by any chance have Uber/Lyft skills enabled on a smart home device like a Google Home or Amazon Echo? Those devices typically already know your home address, too...
posted by mosst at 8:25 AM on June 17, 2019 [1 favorite]
