Uber Accidentally Leaks Personal Information Of Hundreds Of U.S. Drivers
Uber accidentally exposed the personal information of hundreds of drivers online, including driver's license scans, Social Security numbers and tax forms, among other confidential data.
The leaked information was linked to the new Uber Partner app, which was designed by Uber to provide its drivers with information regarding the service and to provide the company with more information regarding its drivers.
Uber drivers noticed the data leak on Oct. 13, immediately alerting other drivers through online forums such as Reddit.
"I have hundreds of drivers' licenses on my screen now," posted a user on the Uber People forum. "What a freaking mess. More identity fraud coming," the user also wrote.
In a phone interview with news website Motherboard, an Uber driver revealed that he found the leaked data while trying to upload a document. Upon refreshing the page, hundreds or even thousands of other documents uploaded by other drivers began to show up.
A spokesperson for Uber confirmed the issue to Motherboard, adding that the company fixed the problem as soon as it became aware of it. However, it seemed that the leaked documents were exposed online for at least a few hours.
According to Uber, the data leak affected 674 drivers in the United States at most, with fewer than 1,000 confidential documents involved in the data leak. Uber said that the data could have only been accessed by drivers that were logged in to the Uber Partner app and accessed the documents section.
The danger presented by the exposed information is great, as the data can be used for Social Security fraud, as well as for identity fraud.
This latest mishap in security comes just days after the ride-sharing service patched up a major vulnerability which gave hackers the ability to maintain control over hacked user accounts on Uber.
A data breach eight months ago was also recently pushed back to the spotlight when Uber said that it is focusing its investigation on an IP address which the company said could lead to the culprit. According to sources, the IP address can be traced back to rival Lyft's chief technology officer Chris Lambert.
For this latest instance, however, it is only Uber to blame for not protecting the confidential information of its drivers.