FYI.

This story is over 5 years old.

Drivers Slam Uber for Latest Data Leak

Drivers complain their data was exposed, then lost, because of glitch.
Image: eskay/Shutterstock

Uber drivers are not happy right now.

On Tuesday, the ride-sharing giant mistakenly exposed the personal information of more than 600 of its drivers online. The mistake, according to the company, allowed any Uber driver to access documents uploaded by other drivers, including scans of drivers licenses and tax forms containing addresses and Social Security numbers.

"So they are a shitty technology company AND a shitty cab company," a user on an unofficial Uber drivers forum wrote on Wednesday.

Advertisement

Uber said it fixed the bug within 30 minutes of being notified of it, but a driver complained that he reported the leak around 3:30 pm ET on Tuesday, and it wasn't fixed until after 5 PM.

"I write code and I understand the fix might have been quite complex, but they could at least be honest about it," the user wrote on the forum.

Uber declined to say when exactly they were notified of the bug. But the company promised it "will follow up with [the affected drivers] directly." So far, however, no drivers seems to have been notified of Tuesday's leak, and it's unclear if Uber intends to offer them some sort of identity theft protection, like it did in February, after its database of Uber drivers was breached.

"So they are a shitty technology company AND a shitty cab company."

On Wednesday, some drivers also complained that their own documents were gone from Uber's portal, after the leak was fixed.

"I checked and my drivers license, insurance and registration are all fucking missing now. WTF?" a driver complained on Wednesday morning. "There are drivers who have all kinds of docs in their folders like I do, hope they fix this fast."

Uber did not reply to Motherboard's request for comment for this story. But others reported having the same problems, and harshly criticized Uber.

"Even though Uber is a technology company, and not a transport provider, it just isn't up to the challenge of storing documents on computers," a forum member wrote. "What they need to do is stop trying to be so ambitious and just order some filing cabinets and keep drivers' docs in there. Problem solved."

This latest data leak, which appears to be Uber's fault, comes after many Uber users, all over the world, were charged fraudulent rides on their accounts in the last few months. In that case, the users were hit due their password being leaked as part of a breach of another service or website, as Motherboard reported at the time.

Yet, Uber's response to these hacks was more bad security practices, such as sending passwords via email, or failing to log out hackers when a user changed his or her password after a hack. Uber fixed the latter vulnerability after Motherboard alerted the company of it last week.

In light of all these issues, however, it's no wonder the company is trying to hire a dozen security engineers to boost a team headed by former Facebook chief of security Joe Sullivan and famous car hackers Charlie Miller and Chris Valasek.