Strangers may be taking free cab rides -- on you.
Motherboard reports that perhaps thousands of Uber usernames and passwords have been stolen and are now being sold on the dark web for as little as $1 to $5 apiece.
The login credentials don't expose a user's full credit card number, but the last four digits and the expiration date are visible. The information is also enough to give buyers access to a user's trip history, which may reveal his home address, as well the phone number associated with the account.
If a person uses the same name and password on Uber as on other sites, the information could allow thieves access to other accounts.
At the very least, it's easy for whoever buys the info to get free rides at the user's expense.
Uber told Motherboard that they had investigated and found no evidence of a security breach.
The company suffered a breach last year that exposed the names and driver's license numbers of 50,000 of its drivers.
For account holders, this might be a good time to change your password, even if you haven't used Uber in ages.