Some Uber Ride Data Publicly Accessible Through Google

itwbennett writes: On Thursday, ZDNet reported that Uber ride data had leaked into Google search results. Zach Minors confirms in this article that a "site-specific Google search for trip.uber.com produced dozens of links to Uber rides that have been completed and cancelled, in countries around the world including the U.S., England, Russia, France and Mexico. Each link leads to a Web site with a map showing the ride's route, with the pickup and destination tagged with markers. A card on the page also shows the first name of the rider and driver, along the driver's photo, make and model of the car, and license plate number." However, what appeared to be a privacy red flag was not a "data leak," according to an Uber spokeswoman: "We have found that all these links have been deliberately shared publicly by riders. Protection of user data is critically important to us and we are always looking for ways to make it even more secure."

Re:

[jakimfett]

Dice hates Uber, maybe? Anything to make Uber look bad?

Re: So?

[shitzu]

How does one share an Uber ride? Just curious. Do you know the urls pointing to your drives you can share?

Ashley Madison correlation?

[KatchooNJ]

Quick! Someone match up this data with the Ashley Madison data to find out what correlates.

Re:

[plopez]

Using an "eventually consistent" database engine!

Not an issue.

[OverlordQ]

However, what appeared to be a privacy red flag was not a "data leak," according to an Uber spokeswoman: "We have found that all these links have been deliberately shared publicly by riders. Protection of user data is critically important to us and we are always looking for ways to make it even more secure."

That's why all the links are 404s now, since it totally wasn't an issue.

Re:

[CaseCrash]

What the fuck is wrong with you?

The trips are only shared if the user explicitly does it, and your crazy rant has nothing to do with this.

Re:Not an issue.

[93 Escort Wagon]

It likely wasn't clear to Uber's users that these pages would be linked somewhere public, given the reasons the company states for these pages' existence.

Let's say I'm setting up a trip, and I'm offered a chance to send a link to someone so they can follow my progress. I would expect that link to be provided only to that individual, probably over email - NOT included on some page anyone can find by clicking around Uber's website. Yet that apparently is exactly what Uber was doing... putting it on such a page.

Now anyone familiar with Uber's security track record won't be surprised they are doing this; but still this falls on the shoulders of the company, not the users, regardless of Uber's attempts to deflect the blame.

We need a way to mod stories

[Gibgezr]

I thought the idea behind the fire-hose was that it would prevent non-stories from showing up. Guess not.

Bad headline

[xxxJonBoyxxx]

Headline probably should have been, "Uber accidentally shares more information about 'public' rides than its customers expected"

The point of TFA seems to be that specific addresses and start/finish times were published, when the public "shared rides" site makes it seem like that information is hidden.

What about the driver's privacy?

[Anonymous Coward]

>> along the driver's photo, make and model of the car, and license plate number.

Isn't this is a lot to disclose publicly about the driver?

"ways to make it even more secure"

[DodgeRules]

"Protection of user data is critically important to us and we are always looking for ways to make it even more secure."

Like the use of a simple robots.txt file which should have been in place on day -1?

Cross index

[morgauxo]

I wonder if someone with more time on their hands than I could combine this data with the Ashley Madison dump and identify when and where people met.