Uber suffers massive security breach

Company leaks personal details of hundreds of drivers through new app

Uber has accidentally leaked the personal details of hundreds of its drivers through a newly launched app.

The controversial company released a new "Uber Partner app" yesterday, which it claimed is "designed to give drivers more information so Uber works better for them".

However, as first reported by Gawker, a design flaw also gave drivers more information about each other by allowing anyone access to nearly 1,000 sensitive scanned documents, including social security numbers, tax forms, insurance documents, driving licenses and taxi certification forms.

The bug apparently appeared when an Uber driver tried to upload or edit such documents, with Gawker writing that they were "warped to a screen that contains documents for complete strangers, a legion of Uber drivers around the United States".

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Speaking to Motherboard, an unnamed Uber driver said: "It (the app) started loading hundreds, maybe thousands of other uploaded documents from other Uber drivers. When I looked closer, it might have been the database of Uber drivers that are taxicab drivers that have access to Uber. There were a lot of taxi certification forms and livery drivers licenses."

Uber has responded to the incident, telling IT Pro: "We were notified about a bug impacting a fraction of our US drivers earlier this afternoon. Within 30 minutes our security team had fixed the issue.

"We'd like to thank the driver who drew it to our attention and apologise to those drivers whose information may have been affected. Their security is incredibly important to Uber and we will follow up with them directly."

The organisation also claimed that no more than 674 drivers in the US were affected.

However, this isn't the first time Uber has suffered a serious security breach exposing the details of its drivers.

In May 2014, a hacker stole the company's database containing the details of thousands of drivers, which were then posted to GitHub - and Uber didn't notice until September.

Advertisement - Article continues below

Even then, it did not notify registered drivers that their details were at risk until it had filed a lawsuit against GitHub demanding the IP addresses or subscriber details of anyone "that viewed, accessed, or modified these posts and the date/time of accessing, viewing, or modification".

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/strategy/27302/driverless-cars-news/page/0/4
Business strategy

Uber car involved in fatal crash had software flaws

6 Nov 2019
Visit/strategy/27302/driverless-cars-news
Business strategy

Uber car involved in fatal crash had software flaws

6 Nov 2019
Visit/strategy/27302/driverless-cars-news/page/0/3
Business strategy

Uber car involved in fatal crash had software flaws

6 Nov 2019
Visit/strategy/27302/driverless-cars-news/page/0/1
Business strategy

Uber car involved in fatal crash had software flaws

6 Nov 2019

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/operating-systems/microsoft-windows/354526/memes-and-viking-funerals-the-internet-reacts-to-the
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020