Could be hacked
Car2go have a little electronic box on the window that originally used an RFID membership card, but now a smartphone app, to unlock - you then enter a pin inside the car and drive off. They obviously have GPS tracking because you have a map where they all are to find an empty one.
So either some jurisdictions allows you to sign up with only a stolen credit card - unlikely given you are driving a car. Or it as been hacked.
A couple of obvious ways - somebody cracked the the authentication between the car and the mothership to unlock it (or are faking the RFID card for older cars) and once inside just ripping the ignition in the traditional manner. Although you would assume that a moving car without a valid account would ring alarm bells
Or somebody has hacked the system to generate fake accounts, or simply paid off an employee to generate a few 100 fake accounts.