ARN - Australian Reseller News
  • News
  • ANALYSIS
    • Analysis
    • Profiles
    • Podcasts
    • Executive Roundtables
  • ECOSYSTEM
    • Distributor Directory
    • Vendor Directory
    • Innovation Awards
    • Gallery
  • Events
    View all events
  • Content Hub
    • Brand Posts
    • Microsites
    • Webinars
    • Digital Magazines
    • ARN Library
    • Subscribe online
  • Contact
  • Sign in

    Existing Member

    Forgot password?

    Join ARN

    Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

    Sign up now
Menu ARN
Uber links to sensitive ride data now expire after 48 hours

Uber links to sensitive ride data now expire after 48 hours

Some of the links, which contain exact addresses for rides, are accessible through search engines

Zach Miners (IDG News Service) 04 September, 2015 21:54
  • share
  • print
  • email

Distributors

  • Auscomp Computers
  • Synnex

Vendors

  • F-Secure
Comments
Uber's logo

Uber's logo

When an Uber rider reaches his or her destination, the ride may be over, but information about it could live on through Google.

On Thursday, a site-specific search on Google for trip.uber.com produced dozens of links to Uber rides that have been completed and cancelled, in countries around the world including the U.S., England, Russia, France and Mexico.

Each link leads to a Web site with a map showing the ride's route, with the pickup and destination tagged with markers. A card on the page also shows the first name of the rider and driver, along with the driver's photo, make and model of car, and license plate number.

The map appears just as it might during the actual ride for the driver and rider on their smartphones.

If that wasn't troubling enough, the source code for each of these web sites, which is publicly accessible, reveals even more.

In the code, exact addresses for the pick-up spot and destination can be found. So can the car's license plate and the exact date and time of the ride.

By combining the information displayed on the map with data gleaned from the source code, people could learn an awful lot about these riders and drivers through other Google searches.

Tech news site ZDNet reported on the finding earlier on Thursday.

uber trips shared eta

Links to Uber rides and associated data, viewable after a site search of trip.uber.com on Google.

In a statement, an Uber spokeswoman said, "This is not a data leak. We have found that all these links have been deliberately shared publicly by riders. Protection of user data is critically important to us and we are always looking for ways to make it even more secure."

In 2013, Uber added a feature to its app to let riders share their ETA with friends and family during the ride. With the feature, riders can send a link, via SMS, to a live map that shows when they'll arrive at their destination.

The links appearing in the Google results containing the ride data were links that had been shared also on social media sites, and were thus cached by Google, an Uber spokeswoman said Thursday.

Google includes tweets in its search results.

Mikko Hypponen, chief research officer at IT security company F-Secure, previously called attention to the matter on Twitter, with pictures of the Uber links and maps he had found on Google.

John Flynn, Uber's chief information security officer, in response, said the links were shared deliberately by users.

But even though the links may have been deliberately shared online, users likely were not aware that they would contain sensitive data in the source code, or that anyone could find them through Google.

Those revelations might raise new privacy concerns among some Uber users. Some users might decide to stop using the share ETA feature, while others who are sent the links might now opt not to post them online.

Uber has previously faced controversy over its data policies, and the level of access company employees have to individual riders' trip data.

Late last year, Uber brought in a Washington, D.C., law firm to review its data policies, after attention had been brought to a so-called "god view" tool that let employees view rider logs and trip histories.

But this time, in the case of ride links shared online by users, it might be Uber customers who find themselves having to perform a privacy check of their own.

(Correction: An earlier version of the story misidentified the Uber official who responded to Hypponen's tweet; it was John Flynn, Uber's chief information security officer.)


Follow Us

  • Twitter
  • LinkedIn

Join the newsletter!

Or
  • Sign in with LinkedIn
  • Sign in with Facebook

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Uber

Read next

  • Cognizant deploys Tealium CDP for Uni of Melbourne

  • KPMG puts Tim Robinson in charge of technology consulting

  • Winners grace the stage for ARN Innovation Awards 2023

Follow us

  • Twitter
  • Facebook
  • LinkedIn
  • RSS

Distributor Directory

Your essential guide to Australian Distributors

Find distributors by name - vendor - location

Vendor Directory

Your essential guide to Australian Vendors

Find vendors by name - category

Brand Pages

  • Become a leading sustainability partner with Edge computing

  • The Most Effective Response To The Exponential Rise In Sophisticated Ransomware Is Partner-Driven Data Resilience

  • nbn

    How channel partners can leverage the nbn™ network to help deliver transformation and digital innovation to Australian SMBs

Slideshows

Winners grace the stage for ARN Innovation Awards 2023

Winners grace the stage for ARN Innovation Awards 2023

Celebrated during a black-tie event at ICC Sydney on 16 November that brought together more than 700 members of Australia’s channel community, this year’s Innovation Awards celebrated the accomplishments of more than 39 winners and a new inductee into the ARN Hall of Fame – Steve Martin. The winners were selected from 342 finalists which made the shortlist from a pool of over 160 organisations, spanning start-up, partner, vendor and distributor businesses. This positions the Innovation Awards as the leading technology awards program for customer innovation and ecosystem excellence in the Australian channel.

Winners grace the stage for ARN Innovation Awards 2023
Channel celebrates ARN Innovation Awards 2023: Champagne reception

Channel celebrates ARN Innovation Awards 2023: Champagne reception

​More than 700 delegates from across the Australian ICT landscape came together to celebrate the industry's greatest achievements for 2023 during a black-tie event at the ICC in Sydney on 16 November. Champagne reception was sponsored by CrowdStrike.

Channel celebrates ARN Innovation Awards 2023: Champagne reception
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference

Related Whitepapers

Show Comments
Applied Materials faces probe in the US for shipping chip equipment to China
 
Foundry logo

Copyright © 2023 IDG Communications, Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications, Inc. is prohibited.

ABA Audited Website

Foundry Sites: Computerworld Australia | CIO Australia | CMO Australia | CSO Online

Links: Privacy Policy [Updated 22 Feb 2023] | Copyright Notice |  | | Reprints | Advertising

Latest News

03:54PM
Tech Data A/NZ hires Robbie Upcroft to lead Microsoft business
01:22PM
Govt to revamp telco safeguards in new Bill
10:50AM
Nintex APAC leader Christian Lucarelli swaps out for Keith Payne
10:45AM
Macquarie Telecom wins CJD Equipment contract from Telstra
More News
  • Macquarie Telecom wins CJD Equipment contract from Telstra

  • Leonardo.Ai attracts $47M investment

View all events