As reported by Motherboard, there are multiple Lime Scooter accounts up for sale on various dark web marketplaces right now, with the listing price averaging at approximately $15. The buyers can pick between European Union or United States accounts, depending on what exactly they need. The seller claims that the stolen accounts have been tested and verified to be functional, and once they are sold they will be deleted from their database, meaning that the buyer will be the sole user. Of course, these are dark web adverts, so the listing details and the promises that accompany them have no value really.
Lime is a US-based urban transportation company that offers people the ability to rent electric scooters. The user has to install an app on their mobile, which will help them locate the nearest available scooter. Having located the scooter, they rent it by providing an electronic payment method in the app and scanning the QR code that’s on the scooter. After the ride is over, the user simply declares its end on the app, and the corresponding cost is withdrawn from the submitted credit card. An image of the parked scooter is also required as a final step, to ensure that you haven’t thrown it in the sea or anything like that.
So, buying a Lime account from the dark web means that you are buying a package that has a declared email account, password, and credit card. That said, the buyer can theoretically use this account on their Lime app, and practically enjoy free Lime scooter rides around their city. That is until the legitimate owner realizes the fraudulent transactions if this ever happens of course. The cost depends on the city, use times, areas, etc., but for a typical 5-minute ride, it’s around $2. This means that the owner may not notice these small charges for quite a long time.
Following the publication of these reports, a representative of Lime told the press that the stolen accounts were not sourced from the company’s platform, so there isn’t a security vulnerability that needs to be plugged. However, he did point out that this practice is against the user agreement, violates the Lime policy, and is illegal. That said, if the buyers of these accounts are located, they could face legal actions against them. The company has also expressed their intention to incorporate Apple ID login on their iOS app, and also to exclude passwords that have appeared in haveibeenpwned.com.
Are you using Lime or any other trendy mobile scooters for your urban transportation? Share your thoughts on the above in the section down below, or join the discussion on our socials, on Facebook and Twitter.