Computerworld
Uber links to sensitive ride data now expire after 48 hours

Uber links to sensitive ride data now expire after 48 hours

Some of the links, which contain exact addresses for rides, are accessible through search engines

Uber's logo

Uber's logo

Zach Miners (IDG News Service) 04 September, 2015 21:54
  • share
  • print
  • email
Comments

When an Uber rider reaches his or her destination, the ride may be over, but information about it could live on through Google.

On Thursday, a site-specific search on Google for trip.uber.com produced dozens of links to Uber rides that have been completed and cancelled, in countries around the world including the U.S., England, Russia, France and Mexico.

Each link leads to a Web site with a map showing the ride's route, with the pickup and destination tagged with markers. A card on the page also shows the first name of the rider and driver, along with the driver's photo, make and model of car, and license plate number.

The map appears just as it might during the actual ride for the driver and rider on their smartphones.

If that wasn't troubling enough, the source code for each of these web sites, which is publicly accessible, reveals even more.

In the code, exact addresses for the pick-up spot and destination can be found. So can the car's license plate and the exact date and time of the ride.

By combining the information displayed on the map with data gleaned from the source code, people could learn an awful lot about these riders and drivers through other Google searches.

Tech news site ZDNet reported on the finding earlier on Thursday.

uber trips shared eta

Links to Uber rides and associated data, viewable after a site search of trip.uber.com on Google.

In a statement, an Uber spokeswoman said, "This is not a data leak. We have found that all these links have been deliberately shared publicly by riders. Protection of user data is critically important to us and we are always looking for ways to make it even more secure."

In 2013, Uber added a feature to its app to let riders share their ETA with friends and family during the ride. With the feature, riders can send a link, via SMS, to a live map that shows when they'll arrive at their destination.

The links appearing in the Google results containing the ride data were links that had been shared also on social media sites, and were thus cached by Google, an Uber spokeswoman said Thursday.

Google includes tweets in its search results.

Mikko Hypponen, chief research officer at IT security company F-Secure, previously called attention to the matter on Twitter, with pictures of the Uber links and maps he had found on Google.

John Flynn, Uber's chief information security officer, in response, said the links were shared deliberately by users.

But even though the links may have been deliberately shared online, users likely were not aware that they would contain sensitive data in the source code, or that anyone could find them through Google.

Those revelations might raise new privacy concerns among some Uber users. Some users might decide to stop using the share ETA feature, while others who are sent the links might now opt not to post them online.

Uber has previously faced controversy over its data policies, and the level of access company employees have to individual riders' trip data.

Late last year, Uber brought in a Washington, D.C., law firm to review its data policies, after attention had been brought to a so-called "god view" tool that let employees view rider logs and trip histories.

But this time, in the case of ride links shared online by users, it might be Uber customers who find themselves having to perform a privacy check of their own.

(Correction: An earlier version of the story misidentified the Uber official who responded to Hypponen's tweet; it was John Flynn, Uber's chief information security officer.)

The good, bad and ugly of on-prem. Is this the right choice for your organisation?
More from NEXTDC

Join the newsletter!

Or
  • Sign in with LinkedIn
  • Sign in with Facebook

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Uber

More about F-SecureGoogleTwitterUber

Web Events

  • Diversity and Inclusion

  • Dell EMC VMware

    Dell EMC | VMware - Better Together for Your Business

  • Computerworld Webinar: Flash-Forward: How to deliver real outcomes in the age of storage innovation

Related Whitepapers

Show Comments

Read next

  • Amazon adds antenna service for satellite data; courts space industry

  • Inmates receiving addiction treatment via touchscreen at NSW ‘pop-up’ prisons

  • AWS is ethical about AI but 'we just don't talk about it' ...

  • Equinix opens largest Australian data centre, SY5

  • In pictures: Roundtable - How to ‘thrive’ - and 'survive' - in ...

Go 1.15 holds off on major changes

Copyright © 2022 IDG Communications, Inc. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications, Inc. is prohibited.

IDG Sites: PC World | GoodGearGuide | CIO | CMO | CSO | ARN
[]