A Long Beach man was billed nearly $1,900 by Uber for trips he says he never took.
Bill Briner said the trouble started when he received four peculiar notifications about Uber rides in California in mid-November while he had been in New York.
Briner promptly emailed Uber about the mix-up, asking for a refund.
“They said we have a division in the company that will deal with it, and you don’t need to worry about this anymore,” Briner said.
Briner thought the situation had been resolved, but he found out several weeks later that it was not — when his wife opened their December credit card bill.
“She said, ‘Bill, what’s up with all of these Uber charges,'” Briner said. “I stopped watching the show I was watching and focused on this.”
Briner said someone had taken 28 additional trips in about three weeks on his account, but he hadn’t received any notifications about those trips.
Some of the trips had cost $300, even $500, and totaled $1,872.92.
“Of course I was upset about it,” Briner said. “You have to wonder, how does that happen and not flag it for somebody.”
Briner once again reached out to Uber, but now, Uber wasn’t recognizing his email.
“So it seemed to me like someone had hacked my email address, and they were corresponding with them but not with me,” Briner said.
Briner added that his requests for a refund had also gone unanswered.
Eyewitness News reached out to Uber, and a spokesperson explained by email that Briner did deserve a refund.
“I’m digging into why Bill’s request was not routed properly,” wrote security communications spokesperson Melanie Ensign.
Ensign also confirmed a hacker had taken over Bill’s account and changed the email associated with the account, which is why Uber hadn’t recognized Bill’s email when he reached out for help.
“It is very difficult to deal with,” Briner said.
Uber blamed Briner’s situation on something called credential stuffing, which occurs when one account is compromised and hackers use the information to access multiple accounts that use the same email and password.
A free service that helps users know if their passwords have been stolen, HaveIBeenPwned.com, indicated Briner had been the victim of at least five recent breaches.
Briner’s experience is a good example of why it’s so important to use a variety of tough-to-guess passwords.
Briner has now received a refund from Uber, and he’s changed his passwords and canceled his credit card.