Menu CIO
CloseCIO

In-depth

  • Augmented & virtual reality
  • Big Data / Analytics
  • BPM
  • Business Continuity
  • Business Intelligence
  • C-Suite Perspectives
  • Change Management
  • Cloud
  • Collaboration
  • Digital Transformation
  • Infrastructure
  • Innovation
  • IT Value
  • KM/Storage
  • Machine learning and AI
  • Mobile / Wireless / Convergence
  • Project Management
  • Risk Management
  • Security
  • Vendor View

Resources

  • Career
  • CIO 100
  • Events
  • Media Releases
  • News
  • Newsletters
  • PartnerZones
  • Slideshows
  • Videos
  • Whitepapers
  • Webinars

Industries

  • Education
  • Finance
  • Government
  • Retail
  • Utilities

Login

Forgot password?

Sign up now to get free exclusive access to reports, research and invitation only events.

  • LinkedIn
  • Twitter
  • YouTube
  • Facebook
  • Send Us E-mail
  • Privacy Policy [Updated 16 May 18]
  • Advertising
  • CSO
  • Subscribe to emails
  • Subscribe to IDG Publications
  • Contact Us
Menu CIO
Uber links to sensitive ride data now expire after 48 hours

Uber links to sensitive ride data now expire after 48 hours

Some of the links, which contain exact addresses for rides, are accessible through search engines

Zach Miners (IDG News Service) 04 September, 2015 21:54
  • -
  • share
  • print
  • email
Comments
Uber's logo

Uber's logo

When an Uber rider reaches his or her destination, the ride may be over, but information about it could live on through Google.

On Thursday, a site-specific search on Google for trip.uber.com produced dozens of links to Uber rides that have been completed and cancelled, in countries around the world including the U.S., England, Russia, France and Mexico.

Each link leads to a Web site with a map showing the ride's route, with the pickup and destination tagged with markers. A card on the page also shows the first name of the rider and driver, along with the driver's photo, make and model of car, and license plate number.

The map appears just as it might during the actual ride for the driver and rider on their smartphones.

If that wasn't troubling enough, the source code for each of these web sites, which is publicly accessible, reveals even more.

In the code, exact addresses for the pick-up spot and destination can be found. So can the car's license plate and the exact date and time of the ride.

By combining the information displayed on the map with data gleaned from the source code, people could learn an awful lot about these riders and drivers through other Google searches.

Tech news site ZDNet reported on the finding earlier on Thursday.

uber trips shared eta

Links to Uber rides and associated data, viewable after a site search of trip.uber.com on Google.

In a statement, an Uber spokeswoman said, "This is not a data leak. We have found that all these links have been deliberately shared publicly by riders. Protection of user data is critically important to us and we are always looking for ways to make it even more secure."

In 2013, Uber added a feature to its app to let riders share their ETA with friends and family during the ride. With the feature, riders can send a link, via SMS, to a live map that shows when they'll arrive at their destination.

The links appearing in the Google results containing the ride data were links that had been shared also on social media sites, and were thus cached by Google, an Uber spokeswoman said Thursday.

Google includes tweets in its search results.

Mikko Hypponen, chief research officer at IT security company F-Secure, previously called attention to the matter on Twitter, with pictures of the Uber links and maps he had found on Google.

John Flynn, Uber's chief information security officer, in response, said the links were shared deliberately by users.

But even though the links may have been deliberately shared online, users likely were not aware that they would contain sensitive data in the source code, or that anyone could find them through Google.

Those revelations might raise new privacy concerns among some Uber users. Some users might decide to stop using the share ETA feature, while others who are sent the links might now opt not to post them online.

Uber has previously faced controversy over its data policies, and the level of access company employees have to individual riders' trip data.

Late last year, Uber brought in a Washington, D.C., law firm to review its data policies, after attention had been brought to a so-called "god view" tool that let employees view rider logs and trip histories.

But this time, in the case of ride links shared online by users, it might be Uber customers who find themselves having to perform a privacy check of their own.

(Correction: An earlier version of the story misidentified the Uber official who responded to Hypponen's tweet; it was John Flynn, Uber's chief information security officer.)

Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!

Or
  • Sign in with LinkedIn
  • Sign in with Facebook

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Uber

More about F-SecureGoogleTwitterUber

Editor's Recommendations

  • Inside the digital transformation of an IT function

  • CIO spotlight: Glen McLatchie of SkyCity

  • How big data is saving small babies

  • CIO spotlight: Rebecca Thomas of PwC New Zealand

  • One of NZ’s first female CIOs is now a startup founder at age 69

  • The CTO as COO and vice versa

Web Events

  • How to power your work and unleash enterprise agility

  • Using APIs to unlock business value

  • Cloud Migration: The Comprehensive Checklist to Success

Read more

Related Whitepapers

  • NTT Security 2018 Risk:Value Report

  • Survive the Cloud Evolution

  • State of the CIO 2018

  • Diversifying Digital Business : Case Study REA Group

Show Comments

Read next

  • The 11 biggest issues IT faces today

  • Google fails to disclose microphone in Nest Secure

  • Executives’ dismissive cybersecurity attitudes set the stage for Toyota, Cabrini, Parliament, and ...

    CSO Online

  • In pictures: Harnessing AI for customer engagement - CMO-CIO roundtable

  • In pictures: CIO and CMO forum tackles 'Uniting humans and machines for ...

How Dynatrace is instrumental to the Royal Caribbean customer journey
  • Send Us E-mail
  • Privacy Policy [Updated 16 May 18]
  • Advertising
  • CSO
  • Subscribe to emails
  • IDG registered user login
  • Subscribe to IDG Publications
  • Contact Us

Copyright 2019 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.

IDG Sites

  • PC World
  • Computerworld
  • Reseller News
ABA_audited_website