What Uber described as "a glitch" in its computers led to a number of users being charged improperly, in at least one case for more than $28,000, according to the ride hailing app giant.
The company reported the glitch affected "a handful" of users, and was only a temporary problem. Its engineers are working to ensure a similar glitch doesn't happen, according to a statement from the San Francisco-based company.
Uber typically puts an authorization hold on an account when a person orders a ride as a way to confirm the payment method. The glitch caused that authorization to be much larger than is normally charged.
The company declined to say how many people were affected, but at least one Philadelphia woman, who declined to be named, said her bank flagged and blocked a charge from Uber for $28,639.14.
The explanation of what happened was contradictory. Initially, the Philadelphia woman received an email from Uber stating her account was hacked.
"Your sign-in information seemed to have been compromised/phished from another website and then tested on our platform," the Dec. 9 message from Uber's customer service stated. "This kind of fraud is highly sophisticated."
Six days later, though, the company sent another email saying it had erred and her account "had not been compromised."
"Your information is safe, and the charge that appeared on your credit card statement was an unusually large authorization hold," Uber's customer service wrote in the Dec. 15 email. "This was never processed as a payment, and our engineering team has been made aware of this error."
Drivers who use the Uber app do not have access to passengers' payment information, the company reported.
Apps like Uber have become popular targets for hackers. Less well protected than banks, companies like Uber or Netflix do business almost entirely online and have people's personal and financial information stored in databases.
"First stop is to go some place that has huge databases brimming with information," said Adam Levin, a cybersecurity expert who had served as director of New Jersey's Division of Consumer Affairs.
There are myriad ways hackers access people's information, from breaking into corporate databases to phishing, which involves tricking people into revealing personal details and financial information through fraudulent electronic communication like phone calls, emails, and texts.
More than $1 billion was taken through internet crime in the country in 2015, according to the FBI, and more than 127,000 complaints of losses. Personal data breaches accounted for 19,632 of reported incidents, and phishing and related crimes accounted for 16,954 complaints.
Making life easier for thieves is peoples' habit of using the same login and passwords for all their online accounts. Having a person's gmail login, for example, can be the key to accessing all their apps and online accounts.
In March 2015 Motherboard, an online tech magazine, reported hackers were selling information on the dark web thousands of Uber accounts for $1 an account, allowing buyers to take Uber rides on someone else's dime. Uber told that news outlet the data wasn't leaked due to a security breach in its system. In October 2015 Uber accidentally made personal information for about 600 drivers public online, Motherboard reported.
Hackers can work for organized crime groups almost as contractors, extracting information and selling it to a syndicate, and Eastern Europe has become a nexus for these crimes.
"What we're seeing in 2016 is organized crime getting a partnership with hacking groups and computer hackers themselves," said Brian Herrick, an FBI special agent supervising Philadelphia's criminal computer intrusions squad.
The FBI has begun embedding agents with law enforcement in countries like Bulgaria and Germany to respond to these breaches Herrick said.