Previous Story
Uber fail: Taxi operator leaks U.S. driver data in error
Posted On Oct 14 2015
Comment: Off
The documents included uncensored scans of driving licences, insurance certificates, proof of vehicle registration, and social security numbers.
Motherboard reported that the leak was noticed by Uber drivers on Tuesday, with a few of those who saw the leaked information alerting other people through the UberDrivers Reddit page and the UberPeople forums.
The bug apparently appeared when an Uber driver tried to upload or edit such documents, with Gawker writing that they were “warped to a screen that contains documents for complete strangers, a legion of Uber drivers around the United States”.
As many of you will already know, Uber has something of a poor reputation when it comes to protecting user and driver data. “When I looked closer, it might have been the database of Uber drivers that are taxicab drivers that have access to Uber”, he told Motherboard.
It’s not yet clear whether the driver data exposed today was collected by anyone with nefarious intentions, but those registered with Uber are understandably concerned.
674 Uber drivers affectedUber says at worst 674 drivers were affected and 1,000 documents exposed.
The Uber data leak that occurred was connected to the release of the company’s new app for drivers. “Within 30 minutes our security team had fixed the issue”. We’d like to thank the driver who drew it to our attention and apologise to those drivers whose information may have been affected.
Uber has repeatedly come under fire for failing to protect its drivers’ privacy: Eight months ago, as many as 50,000 driver names and license numbers were downloaded by a hacker, and Uber is looking into a connection between that incident and rival ride-hailing company Lyft. “Their security is incredibly important to Uber and we will follow up with them directly”, the spokesperson said. “This info can be used to create accounts and verify identities online”. Last week, Uber patched up a major security flaw that gave hackers continued access to user accounts even after passwords had been changed.
