With a username and password, you have access to a user's trip history, as well as the last four digits and expiration date of the attached credit or debit card and their telephone number.
Of course, you can also get a cab with the information and travel anywhere you want on someone else's dime.
Uber says they have not seen any security breaches, but the report verified that quite a few of the accounts were active by calling the users and reading back the info. "We investigated and found no evidence of a breach. Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report. This is a good opportunity to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services."
While Uber may not have been directly breached, if Uber user's info was taken from any other breach and they used the same password and user combo on Uber, the info could have been compromised that way.
Source:
Vice
Written by: Andre Yoskowitz @ 29 Mar 2015 23:22