He confirmed that the details being sold were both valid and linked to live accounts.
Once a hacker has access to a person's Uber username and password they can book taxis from the firm's website and see their trip history. This could include their home or work address, for example, or a person's "Favourite places".
Full credit card details are not stored on the account, but a hacker can see the last four digits of a card number, as well as their full email address and phone number.
From this a person could commit wider identity fraud, or sign into other accounts if the username and password is copied across other sites, apps and accounts.
Courvoisier told Mr Cox they have "thousands" of login details obtained from "hacked accounts" and sells them for $1 each.
ThinkingForward sells them for $5 and gives a discount on bulk purchases.
These are said to be just two examples of dozens of listings on the dark net, a subsection of the deep web - the part of the internet that does not show up in searches or on social media.
Most of the information on the web is far down on dynamically generated sites, unable to be found or seen by traditional search engines.
The dark net is used as a way of sharing information and trading goods, but the anonymous and encrypted nature of it has attracted large amounts of illegal activity.
In September Uber said one of its databases had "potentially been accessed by a third party", but said only driver's names and licence plates were exposed.
They said it was a "one-time unauthorised" access and only impacted 50,000 employees
In response to the Motherboard report, Uber said in a statement: "We investigated and found no evidence of a breach.
"Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report."
It has advised users to make sure their usernames and passwords are 'unique and strong' and that they aren't used on other sites.
- Daily Mail
