Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Uber Privacy Scare After Lost Items Records Go Public

Controversial online taxi booking service Uber has been making headlines for the wrong reasons again after accidentally exposing sensitive information about some of its users on a public site.

The firm’s lost and found records were accidentally published to the public-facing web for a few hours this week, as spotted by Vice Magazine’s Motherboard site.

The database in question is thought to have come from the firm’s Los Angeles office as many of the customer phone numbers included had a southern California area code, and “LA” was in the URL, the report claimed.

The records dated back to December and apparently included customer and driver names, customer phone numbers and internal ID numbers, as well as the related item of lost property left behind in the cab.

Route information was said to be stored on a password protected page.

For its part, Uber was quick to rectify the mistake and apologize.

It had the following in a statement:

“Uber’s Lost Items feature has helped thousands of riders reconnect with belongings left behind after a trip. It appears that this log of lost items was accidentally made public, and we’re sorry for this mistake. We are looking into exactly how that happened so that it does not happen again.”

This isn’t the first time privacy concerns have been raised about the cab-booking service provider.

In November, the firm was forced to update its privacy policy after reports claimed that one of its executives tracked the travel records of a journalist without her permission.

Separate reports alleged that another Uber exec had mooted the idea of using the firm’s ‘God’s View’ tool to attack journalists and others who are publicly negative towards the company.

“Uber has a strict policy prohibiting all employees at every level from accessing a rider or driver’s data. The only exception to this policy is for a limited set of legitimate business purposes,” the firm said in a statement.

“Uber’s business depends on the trust of the riders and drivers that use our technology and platform. The trip history of our riders is confidential information, and Uber protects this data from internal and external unauthorized access.”

What’s Hot on Infosecurity Magazine?