There’s another looming privacy threat for Uber: the cybersecurity risk associated with maintaining a database of GPS-configured information on all of Uber’s customers.
The Washington Post’s Craig Timberg pointed out this potential vulnerability yesterday, suggesting Uber’s database is a treasure trove for hackers.
Timberg spoke to someone who interviewed for a job with Uber in the company’s Washington, D.C. office last year. That person says he was given access to the database for quite some time, as if he were an employee. Here’s what happened:
He got the kind of access enjoyed by actual employees for an entire day, even for several hours after the job interview ended. He happily crawled through the database looking up the records of people he knew — including a family member of a prominent politician — before the seemingly magical power disappeared. “What an Uber employee would have is everything, complete,” said this person, who spoke on the condition of anonymity for fear of retribution from the company.
Uber did not respond to Business Insider’s request for comment. Here’s the comment they gave to Washington Post: “As a matter of security, we don’t discuss publicly the details of our security.”
Uber has recently come under fire for privacy concerns. An Uber NYC executive was investigated after he tracked a BuzzFeed reporter’s ride in an Uber vehicle without her permission, using a tool called God View. And in September, a VC investor named Peter Sims wrote a post detailing how Uber used God View to track his Uber ride in New York City and display it at an Uber Chicago launch party.