A suspected group of criminals is robbing Lyft drivers by seizing their phones and digitally transferring their earnings to debit card accounts, exploiting a security weakness in the Lyft drivers’ app.

As many as 20 drivers have been hit since April 3rd, many of them within one particular Bronx precinct (the 49th), according to the NYPD. One driver was held up at gunpoint. Another was robbed of more than $800.

One Lyft driver, Kaymiul Uddin, picked up a pair of male passengers on May 11th at around 10:30 pm. During the ride, one of the men asked Uddin to make a stop, and the other man got out, ostensibly to run a quick errand.

The remaining passenger, according to Uddin, said he and his companion would be heading to a different destination than the one they’d originally requested. Uddin offered to update the address on his own phone.

“And as I went to type, he leaned over from the back, [and] snatched the phone out my hand,” said Uddin.

Uddin, 24, assumed the passenger was stealing his phone, but in fact something else was happening.

“What they were able to do was end the ride, go to my payout information, change the debit card information—there’s an express pay option where you can pay yourself daily—they changed that to some random debit card, and Lyft having no security for that, they ended up cashing out my earnings.”

Uddin got his phone back but lost $292.

A spokesperson for Lyft’s competitor, Uber, said she knows of no comparable incidents with Uber drivers and that the company has anti-fraud technology in place.

Meanwhile, Lyft is still working on a fix but said it has reimbursed every affected driver.

“Safety is fundamental to Lyft and this is deeply concerning,” said Lyft spokeswoman Campbell Matthews in a statement. “We are in touch with the drivers impacted to express our support, and have permanently banned the passengers who engaged in this unacceptable behavior. We stand ready to assist law enforcement as they investigate this.”

It’s not clear how the suspects can commit these crimes without easily being traced.

Uddin confirmed that he had been reimbursed, but only after WNYC asked Lyft about the incidents, ten days after he was robbed and after repeated attempts to get help from Lyft, both on social media and over the phone, as well as in person.

“They end up saying ‘Someone’s going to contact you in half an hour’ and they hung up the phone,” said Uddin. “I called them back in another two hours and the guy told me, ‘I’m sorry everything happened to you. Someone will reach out to you shortly.’ Same thing.”

The security flaw allows Lyft drivers to be “sitting ducks, waiting for a robbery,” said attorney Ali Najmi, who is representing Uddin.

“The fact that Lyft knows now that there are twenty cases and still hasn’t fixed the glitch is really concerning and really grossly negligent,” Najmi said.

Bhairavi Desai, executive director of the New York Taxi Workers Alliance, said the incidents had been communicated to the Taxi and Limousine Commission at a recent hearing.

“It leaves drivers very much vulnerable if passengers know all they have to do is get their hands on the phone,” Desai wrote in an email.

The NYPD said its Grand Larceny Unit is investigating a group of suspects and expects to make arrests soon.

Uddin plans to graduate from college later this month with a degree in economics. In addition to driving, he works for a management consulting firm based in Virginia. Since the incident he has cut back on driving and no longer drives at night, due to anxiety.

“My heart starts beating like crazy,” he said. “It’s just not worth it. I don’t care how much more money I can make. If the company that I’m driving for is not doing anything to protect me, what’s to say it’ll stop it from happening again?”

~source