Ubereats security issue, no longer needs password

7
Posted 21st Aug
previously when logging into ubereats you would have to type in your number, enter the code you recieve by text and then type in your password.
ive recently noticed when logging out of uber eats and switching sim card to get discounts on another number, it no longer asks for password, it sends 4 digit code which now auto detects and bypasses the password screen.
now if anyone has any of my old numbers or if someone was to find a sim card they can just start ordering from the cards saved on the account, surely this cant be right ?
but ive even tried putting my sim in a different phone, i can still log in with no password and my cards are there plus paypal ready to order.
am i missing something ?
Community Updates
Ask
7 Comments
41724543-PVJNe.jpg
You can still choose to use password
sdylan21/08/2020 21:22

[Image] You can still choose to use password


The point is you dont need the password, you can choose to use it or you can just carry on to order without it
Uber will likely store a "fingerprint" of your device, if the fingerprint matches and you enter the right code they know it's you, or atleast your actual phone. Fingerprint could be something like IMEI, except it won't be the imei - but it will be a combination of things related to the phone that will be unique to you.
I think you are right.

When will you be informing Uber of your concerns?
MadeDixonsCry21/08/2020 21:40

I think you are right.When will you be informing Uber of your concerns?


I already contacted them, not expecting to receive a reply very fast, i just thought I'd mention it here so others could try it, incase it was somehow just my accounts although ive now tried 4 sims, none needed a password unless its linked to imei or google account somehow as mentioned above
Edited by: "Mark_Hickman" 21st Aug
I always Just eat and have used Uber eats once. However, I noticed not one but three suspicious transactions with Deliveroo!
I have never used Deliveroo. Got in touch with them on FB and they investigated and got my bank involved and then I got a refund
Moral of story, delete account before number gets deactivated. Unfortunately didn't do this myself
Post a comment
Avatar
@
    Text