If you use Uber, you might be doing exactly that!

Uber users have taken to Twitter to reveal that their accounts have been used by unknown, unauthorized people to book and pay for rides. And this could be what’s happening…

• It started with a thread written in December 2014—a configuration file that, when combined with an account cracking program, helps hackers break into accounts on websites.
• The configuration file tells the cracking program how exactly to interact with a specific website, so different login attempts can be made as quickly as possible.
• Computer criminals can get their hands on data dumps of email and password combinations fairly easily.
• Hackers then run the dump list by individual websites and wait for a match.

The easiest thing you can do to protect your account right now is actually to follow Uber’s advice and change your password to something unique, so hackers who have stolen credentials from other services can’t reuse them on Uber.

Keep in mind that using the same email/password combo for your accounts, especially when they’re connected to your bank, credit card or PayPal account is like having a single key to open everything—impractical and unsafe. Treat your email addresses and passwords as you do with your home security. Multiple locks (doorknob, deadbolt, etc.), each requiring their own key, helps keep your valuables protected.

For more information on how to protect yourself and your company from current threats make sure to read this month’s article – IT Lessons From Grandma, A Stitch In Time Saves Nine