Uber Reportedly Gave An Interview Candidate Access To The Company's Rider Database

There’s another looming privacy threat for Uber: the cybersecurity risk associated with maintaining a database of GPS-configured information on all of Uber’s customers.

The Washington Post’s Craig Timberg pointed out this potential vulnerability yesterday, suggesting Uber’s database is a treasure trove for hackers.

Timberg spoke to someone who interviewed for a job with Uber in the company’s Washington, D.C. office last year. That person says he was given access to the database for quite some time, as if he were an employee. Here’s what happened:

He got the kind of access enjoyed by actual employees for an entire day, even for several hours after the job interview ended. He happily crawled through the database looking up the records of people he knew — including a family member of a prominent politician — before the seemingly magical power disappeared. “What an Uber employee would have is everything, complete,” said this person, who spoke on the condition of anonymity for fear of retribution from the company.

Even if Uber isn’t using its riders’ data in a way that breaches the company’s privacy policy, hackers still could. And that’s worrisome.

Uber did not respond to Business Insider’s request for comment. Here’s the comment they gave to Washington Post: “As a matter of security, we don’t discuss publicly the details of our security.”

Uber later provided this statement to the Washington Post: “Our data privacy policy applies to all employees: access to and use of data is permitted only for legitimate business purposes. Data security specialists monitor and audit that access on an ongoing basis. Violations of this policy do result in disciplinary action, including the possibility of termination and legal action.”

Uber has recently come under fire for privacy concerns. An Uber NYC executive was investigated after he tracked a BuzzFeed reporter’s ride in an Uber vehicle without her permission, using a tool called God View. And in September, a VC investor named Peter Sims wrote a post detailing how Uber used God View to track his Uber ride in New York City and display it at an Uber Chicago launch party.

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.

Tagged In

privacy sai-us uber