Some people have reported problems with Uber bills for trips they never made. Usually, the trips are in a different country. This isn't a new issue. In April 2015, there were reports of Uber account details for sale in parts of the Internet used by criminals, and phantom trips being made.
Uber are saying it isn't a problem with their system but with people reusing the same login details across different websites. As far as I can tell, Uber don't offer two-factor authentication - which would send you a text message when you login to complete the process - so there is no way to stop someone logging in if they have obtained your 'standard' password.
The lesson from this is to avoid using the same password across multiple sites. To be more secure, think about using a 'pass phrase' rather than a password. The Microsoft guide gives some good examples.