Uber Accidentally Leaks Details Of Hundreds Of Drivers

SecuritySecurity Management
uber
0 38 No Comments

Driving licence information and vehicle registration among data let out by Uber

Uber appears to have suffered an embarrassing data breach after details of hundreds of its drivers were leaked online.

Social security numbers, pictures of driver licenses, and vehicle registration numbers were among the details accidentally revealed by the taxi company, with as many as 647 drivers thought to have been affected across the US.

Uber has apologised for the leak, which it says lasted only 30 minutes, and is thought to be linked to the launch of its new ‘Uber Partner’ app, which is designed to improve the relationship between the company and its drivers.

Lost

Uber Apple WatchThe leak was first noticed by new drivers attempting to register with Uber last night, who noticed when submitting their own documents that they were being presented with information from others on their Uber account “documents” page.

One driver said that he was presented with ‘thousands’ of confidential documents from other drivers when he tried to upload a document of his own, including taxi certification forms and livery drivers licenses in addition to personal information such as W-9 forms with Social Security numbers for taxi cab companies.

“We were notified about a bug impacting a fraction of our US drivers earlier this afternoon,” an Uber spokesperson said. “Within 30 minutes our security team had fixed the issue.”

The issue is the latest security problem to affect Uber as its stock continues to rise across the world. Back in March, it was revealed that the company waited five months to report a separate data breach which saw a database breach leading to the theft of the names and licence numbers of about 50,000 drivers.

It was later revealed that the security key used to carry out this theft was stored in a publicly accessible repository on code hosting service GitHub.

Its lost-and-found records were briefly published back in February, containing personal information such as telephone numbers, and in November it emerged that an Uber executive had used the company’s tracking tools to monitor the movements of a journalist without her permission.

As a result of the controversy over this incident, the firm updated its privacy policy to clarify that “all employees at every level” are prohibited from accessing passenger and driver data.

Are you a security pro? Try our quiz!


Click to read the authors bio  Click to hide the authors bio