October 26, 2016 Lyft Users Alarmed on Potential Breach with Recycled Phone Numbers

Lyft Users Alarmed on Potential Breach with Recycled Phone Numbers

The American transport network company, Lyft, is on high alert for users of its ridesharing app as a particular media relations professional had reported of a possible fraudulent transaction made her debit card. Lara Miller found two charges made on her card in the early days of this month. These payments were made somewhere in Las Vegas while her place of residence is in California. She had immediately reported the incident because she thought she had been a victim of credit card theft.

Lyft Users Alarmed on Potential Breach with Recycled Phone Numbers
Credit: lyft.com

However, the real story is that her old Lyft account had been unwittingly transferred to another woman she had never met. This has become possible because her former phone service carrier had recycled her old provider and gave it to the woman who had used the number to register her Lyft account. Miller said she canceled service on this old phone number with telco way back in April of this year.

The confusion starts with Lyft’s user authentication system. The transport company ditched the typical idea of using specific usernames and passwords to sign up for their ridesharing service. Instead, they encourage subscribers to use their mobile numbers to create an account on the app.

The problem is that the phone number stays in the system even if the subscriber had already switched mobile carrier and had a new phone number. There is also no way for them to update the system with their new phone number. When Miller figured this out, she called the woman who now owns her previous mobile number.

Her name is Elysia and she had requested to keep her last name secret. She also admitted that she had noticed something odd on her Lyft account. When she was just registering herself for a Lyft account, she had discovered that there was an existing payment card stored in the account. She confessed that the app did not permit her to make changes in the profile so that she can update the payment details. She also didn’t find a way to create a new account.

Elysia thought that the system had accepted her credit card, but when she was taking a couple of rides in Las Vegas using the app, she didn’t realize that it was Miller’s card which had been charged.

Elysia also confessed that she had been getting plenty of text messages from Miller’s friends on her phone. Both women find the situation truly bothersome.

Lyft proposed that their situation is an isolated case. It is not very common. But several other individuals had also reported to different news portals about the same issue.

Lyft justifies that their subscribers can always call their customer support line to cancel their accounts. The former chief security officer for AT&T suggested that companies like Lyft should provide their customers with more potent forms authentication and not just depend on mobile numbers for identity verification. However, many users still prefer this 2 factor authentication method.

Miller was quite worried that the transport company is not doing anything to address her concern. Nevertheless, Lyft had sent their apology and credit back to her the amount that was mistakenly charged on her account. The company suspended Miller’s old account leaving Elysia with no ability to access the ridesharing app.

Tagged on:

Leave a Reply

Your email address will not be published. Required fields are marked *