Lyft, however, has said that users can cancel accounts by contacting its customer support.
To prevent the problem, companies should offer customers stronger forms of two-factor authentication, and not merely rely on a phone number to confirm a user's identity, said Edward Amoroso, former chief security officer of AT&T and CEO of security consultancy TAG Cyber. .
"Unfortunately, however, the industry will probably not shift to improved validation methods unless users decide that they will no longer accept this kind of risk," he said.
Miller is concerned the ride-hailing app hasn't done more to fix this problem. Lyft offered an apology, and claims it refunded the charges from her bank account last week. Miller said she finally received the refund Tuesday.
"I'm just annoyed and I want more people to know about this," she said. "I think it's a pretty big flaw in their security."
Although Lyft has suspended Miller's old account, that's left Elysia with no access to the ride-hailing service.
"Now I can't even log on to Lyft," Elysia said.
Sign up for Computerworld eNewsletters.