Uber has admitted to accidentally revealing sensitive personal documents of over 600 of its drivers. The documents included uncensored scans of driving licences, insurance certificates, proof of vehicle registration, and social security numbers.
In all, there were at least 179 pages of documents belonging to Uber drivers from all over the US. One driver said he was greeted with thousands of documents when he tried to upload a document of his own. In all, Uber says up to 1,000 documents were exposed.
Another posted on the UberPeople forum, saying: "I found dozens of strangers' documents. There is a huge problem... it looks like the database is just dumping docs into the document page. What a freaking mess. More identity fraud incoming."
Uber says the accident, which occurred on Tuesday (13 October), lasted for no more than 30 minutes. Afterwards, some drivers claimed the system no longer showed their documents when they logged in, prompting them to wonder whether uploading them again would be safe. Uber told IBTimes UK that the incident only affected drivers in the US.
A company spokesperson added: "We were notified about a bug impacting a fraction of our US drivers earlier this afternoon [13 October]. Within 30 minutes our security team had fixed the issue. We'd like to thank the driver who drew it to our attention and apologise to those drivers whose information may have been affected. Their security is incredibly important to Uber and we will follow up with them directly."
674 Uber drivers affected
Uber says at worst 674 drivers were affected and 1,000 documents exposed. The documents could not be seen by the general public, but creating an Uber profile can be done by anyone in just a few minutes – 15 of which are spent watching a video explaining how Uber works – so it was crucial that the bug was spotted and fixed as quickly as it was.
Even so, many drivers on the various Uber forums are unhappy that such an accident could ever happen in the first place. One user wrote: "This info is worse than credit card information... this info can be used to create accounts and verify identities online." It is being reported that the leak was connected to Uber's new Uber Partner app, which is "designed to give drivers more information so Uber works better for them".
It's not the first time Uber drivers have suffered problems with data privacy. Last year its database was hacked, potentially compromising the information of up to 50,000 drivers in the US.