Uber leaked drivers' personal data in new app

By

Driver's licenses, tax forms and other personally identifiable data left open.

Rideshare company Uber has been forced to apologise after accidentally exposing personal information of hundreds of its drivers in the United States during the this week's release of its “Uber Partner app.”

Uber leaked drivers' personal data in new app

The app inadvertently gave access to nearly 1000 personal documents belonging to 674 drivers that contained social security numbers, scans of driver's licenses, tax forms and other information. 

Uber drivers took to public forums to warn each other of the data leak, which left their details open to the world for several hours.

An Uber spokesperson said the “information was only viewable if a driver logged in and specifically went to their documents page”.

The spokesperson claimed the incident was fixed within 30 minutes of the company being notified.

“We'd like to thank the driver who drew it to our attention and apologise to those drivers whose information may have been affected. Their security is incredibly important to Uber and we will follow up with them directly," the spokesperson said.

Scott Gordon, chief operating officer of security startup FinalCode said "securing files containing confidential and regulated data must take a front seat at Uber".

"The ease at which sensitive information in documents are externally shared, or in this case mistakenly exposed, should be a wake-up call for all enterprises,"  Gordon said.

Uber's recent privacy gaffe comes just days after the company patched a vulnerability reported to it by Vice Motherboard that allowed an attacker to maintain access to a compromised account even after the victim changed their password.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Log In

  |  Forgot your password?