Lyft Customer Alarmed On Data Breach With Recycled Numbers
Taxi hailing service, Lyft, has been pit on high alert after users of the American based ride sharing app reported that they had noticed attempts at fraudulent transactions made on their debit cards. One of the Lyft service users, Lara Miller saw two charges on her debit card earlier this month, and they showed that they had been made somewhere in Las Vegas.
This is rather strange since she lives in California, and therefore she immediately reported the issue as she believed she had been made a victim of credit card theft.
However, the issue was rather with her old Lyft account which had been unknowingly transferred to another person on the service, whom she had never met. This was possible because her former phone carrier recycled her number and gave it to the new person who also used the same number to register for a Lyft account. Miller says that she had already cancelled service with this number back in April this year, so there might be a big issue here.
Trying to understand the problem and sort out the confusion, we have to go back to the Lyft authentication system. Lyft does not use the specific usernames and passwords to sign up for their service but rather they need to phone numbers for users to sign up for the service. This is where the problem arises.
The number stays in the system even when subscriber has already switched their numbers and have a new phone number. They also don’t have any means of updating the system with their number. When Miller saw what the problem was, she immediately reached out to the woman who was using her old number.
The woman also said that she had encountered problems when she tried to register for the app. She had activated her account with the old number and as she went to update the payment plan, the service would not allow her to. She also could not find a way to create a new account. She said she thought that the app had taken her payment information into consideration and as she went out and about in Las Vegas she didn’t realize it might had been someone else’s card.
When contacted, Lyft said that the issue was an isolated case but it seems many users have been reporting about the issue to several media outlets. Lyft says that they are justified because customers can always call customers service to cancel their subscriptions. The former chief security officer at AT&T said that firms like Lyft were supposed to provide much better ways of authentication than what they were offering.