DENVER — Ninety-one charges in seven days. That's how many times someone used Lynn Otto's Uber account, amounting in close to $200 worth of charges.
"The first thing I thought was maybe it’s a driver that’s tipping on top of his rides on my credit card, but I don’t know that for sure," Otto said Tuesday, three weeks after the Uber charges started.
The charges accrued were small but frequent. Her account was charged 22 times on the first day, March 6. Every day after that, the mystery user accessed her account nearly a dozen times. This went on for one week.
“It could have gone on every day for a month and it could have been much higher,” Otto said.
Otto told 9NEWS she felt lucky she checked her account when she did. She was able to cancel her card, which stopped the charges. But she said Uber proved to be difficult to work with, and she needed to work with the rideshare company in order to get her money back.
"I went on my app. I went on their Facebook page. I went on their website. No phone numbers could be found at all," she said. "There was a customer service email address. That’s what I did."
Two weeks later, still no money back, but a lot of frustration on Otto's part.
After a call from 9NEWS Tuesday morning, Uber said Otto should be receiving her refund of almost $200 by the end of the day.
Here is the email we received from Uber:
"We are reversing all Ms. Otto’s charges immediately, including some that she missed. We recommend customers visit haveibeenpwned.com. You can enter the email address you use for any online accounts and the site will indicate whether your password for that account has been stolen.
The most common cause of hacked accounts on any online service is recycled passwords. We highly recommended that consumers never use the same password for multiple accounts and periodically check to make sure their passwords are still safe. We automatically encrypt & mask credit card numbers when added to the Uber app so that they can’t be stolen, even if someone gains access to your account.
2FA is on by default for all riders & drivers when we detect a login from a new device. You can choose to turn on 2FA for all logins using the security settings in the rider app. You can also choose whether you prefer to use text messages or time-based one-time password apps (like Google Authenticator or Duo)."
Here are some other resources Uber sent to help its users protect their account:
- Five Tips for Protecting Your Uber Account
- Advanced Technologies for Detecting and Preventing Fraud at Uber
- Report Uber charges you don’t recognize
SUGGESTED VIDEOS | Investigations from 9Wants to Know