A glitch in the website Uber created for its drivers accidentally exposed tons of confidential, sensitive, and personal information – like drivers’ licenses and financial documents – to other Uber drivers across the country, the company confirmed.
The Uber Partner website is the ride-hailing startup’s tool for drivers to manage their accounts and track their rides.
It’s also how new Uber drivers get brought onto the system, including entering their personal information and uploading stuff like their tax forms so they can get paid.
But after its introduction, there was a big problem. When drivers went to the app earlier today, clicking on the “Documents” tab brought them to a page where they could view the personal information for 674 drivers from across the United States, an Uber representative said, confirming a report by Gawker.
That includes “clear, high-resolution pictures” of documents containing sensitive personal information, including Social Security numbers. All in all, there were a thousand individual documents, the Uber representative says. It would be an identity thief’s idea of a miracle.
Members on a popular Uber driver forum confirmed that they could see the same info.
Uber says that this information is no longer visible.
“As soon as we were made aware of this, we immediately fixed it,” an Uber representative told Gawker.
Uber also says it fixed the breach within 30 minutes of being notified by one of its drivers.
The Uber representative issued the following statement:
We were notified about a bug impacting a fraction of our US drivers earlier this afternoon. Within 30 minutes our security team had fixed the issue. We’d like to thank the driver who drew it to our attention and apologize to those drivers whose information may have been affected. Their security is incredibly important to Uber and we will follow up with them directly.
Uber has repeatedly come under fire for failing to protect its drivers’ privacy. Eight months ago, as many as 50,000 driver names and license numbers were downloaded by a hacker, and Uber is looking into a connection between that incident and rival ride-hailing company Lyft.