Credential-Stuffing Account Fraud on Uber
Automated tools test leaked email-and-password combinations against Uber's login page, allowing attackers to book rides at the victim's expense, harvest saved payment details, or redirect driver earnings to mule accounts.
Part of: Credential Stuffing Account Fraud
Last reviewed: 8 June 2026
Uber accounts hold payment cards, home and work address data, and — for drivers — bank account details for earnings deposits. All of this makes a compromised Uber account a multi-faceted fraud opportunity for attackers who succeed in a credential-stuffing login.
As with all credential-stuffing fraud, Uber itself need not have been breached. The victim reused a password that was compromised on a completely different service, and automated tools tested that combination at Uber until it worked. The attack is largely invisible to the victim until fraudulent ride charges appear on their payment card or a driver notices a change in payout bank details.
Uber's anti-fraud systems detect unusual activity, but sophisticated stuffing operations use residential proxy networks to spread requests across different IP addresses and avoid triggering rate-based blocks.
How this scam works on the Uber brand
After a successful credential-stuffing login, the attacker quickly adds a secondary payment method or changes the existing one to a prepaid card that acts as a mule. They then book multiple rides to addresses in a different city — often using the victim's account to generate revenue for complicit Uber driver accounts in that market.
For driver accounts, the attack is more damaging: the attacker changes the payout bank account before the next earnings cycle, diverting one or more weeks of driving income. Drivers may not notice until they check their bank and find no deposit arrived.
Some attackers harvest the stored home and work address from the Uber account for use in follow-on social engineering: knowing where a target lives and works provides material for targeted phishing or physical crime.
Common red flags
- Uber sends a login notification from an unfamiliar device or location that you did not trigger
- Your Uber trip history shows rides you did not take, in cities you have not visited
- Your saved payment method has been changed or a new payment method has been added without your action
- As a driver, your expected earnings deposit does not arrive and your payout bank account details have changed
- You receive an Uber two-factor code you did not request
- You cannot log in to your Uber account despite using what you believe to be the correct password
How to protect yourself
- Use a unique, strong password for your Uber account — not shared with any other service
- Enable two-step verification in Uber account settings so credential theft alone is not sufficient for login
- Review your Uber account's saved payment methods and trip history regularly through the app
- As a driver, check your payout bank account details in the Uber Driver app at least weekly
- Check haveibeenpwned.com to identify if your email has been in a breach and update any reused passwords
- Enable Uber's login notifications to receive alerts for new-device sign-ins
How to report it
- Report account fraud to Uber via the in-app Help menu at help.uber.com
- If you are a driver and earnings were redirected, contact Uber immediately and request an investigation and reversal
- Report to the FTC at reportfraud.ftc.gov
- Contact your bank to dispute any fraudulent ride charges on your payment card
Frequently asked questions
Does credential stuffing mean Uber was hacked?
Not necessarily. Credential stuffing exploits passwords reused from other breached services. Using a unique Uber password eliminates this risk entirely regardless of what happens at other companies.
I see rides in my history that I did not take. What do I do?
Report them immediately through the Uber app under Trip Issues. Change your password and revoke all sessions. Contact your bank to dispute the fraudulent charges. Uber can investigate and issue refunds for confirmed fraud.
As a driver, how do I protect my earnings from payout redirection?
Check your payout bank account details in the Uber Driver app weekly. Enable two-step verification and use a unique password. Any unexpected change to your payout details should be treated as a security incident.