Since its founding in 2009, Uber has become the largest and most popular ride-sharing service. But it’s also been plagued by controversies and accused of mistreating drivers, discriminating against certain customers, sabotaging competitors, and evading government regulations.
Uber has suffered several security breaches too, and even had to pay $148 million to the United States Federal Trade Commission for failing to disclose a massive breach in 2016.
So what breaches has Uber actually suffered? What’s been their impacts? And how can you protect your Uber account?
Uber’s Data Breaches and Transparency
Uber suffered its first major data breach in May 2014. The breach revealed the names and license plate numbers of roughly 50,000 drivers across various American states. Uber discovered the leak in September that year, but waited more than five months to notify the drivers and publicly acknowledge what happened, as Forbes reported at the time.
In late 2016, Uber was hit with a massive attack that compromised the personal information of 600,000 drivers and nearly 60 million customers around the world. It took the company nearly a year to acknowledge the breach, but ultimately it agreed to pay a $148 million settlement, according to NPR.
More recently, in January 2022, cybersecurity researcher Seif Elsallamy discovered a major vulnerability in Uber’s email system.
The bug allowed pretty much anyone with sufficient know-how to send an email from Uber’s platform. As Elsallamy explained to Threatpost, he submitted a bug report to Uber via HackerOne, but the issue was rejected by the company.
It then turned out Elsallamy wasn’t even the first person to take note of the bug—a different cybersecurity researcher reportedly notified Uber about it back in 2015, but never heard back.
Uber finally fixed the vulnerability after several major tech publications reported on it.
It remains unclear if malicious actors exploited the bug in the years that it existed, but one should probably assume that they did, given how easy it was for Elsallamy and others to access the ride-sharing giant’s systems.
How to Secure Your Uber Account Now
Data breaches happen and even the most security-conscious entities slip up every now and again, but Uber’s apparent nonchalance when it comes to these issues is all the more reason to secure your account and take precautions.
For a start, make sure you enable two-factor authentication.
Also known as two-step verification, dual factor authentication, or 2FA, this is simply an authentication method that adds another layer of security by requiring two methods to verify your identity.
To turn on two-factor authentication, launch the Uber app and then navigate to Settings > Security > 2-step verification. Tap Set up now and follow the instructions.
Secondly, it’s always a good idea to use a unique password for every site or service you use. This will minimize the chances of your other accounts getting compromised in the event of a breach.
Additionally, consider having a special credit or debit card to use for Uber and similar online platforms. Hold a limited amount of money on this card to mitigate any potential damage cause by a security breach.
And make sure Uber notifications are turned on. That way, you won’t miss any unusual activity because the app sends a notification when a ride is requested or a transaction is made.
This varies by phone, but to turn on Uber notifications go to Settings and then navigate to Notifications, Sound & Notifications, or Notifications management.
Obviously, it is much better to prevent as opposed to just mitigate damage, so make sure you regularly monitor your Uber account activity: periodically check for unusual transactions, explore your trip history, and monitor your online bank account.
Can You Trust Uber?
Uber is convenient and relatively cheap, but it certainly could be safer. Fingers crossed the service takes note of these data breaches and improves security and privacy on the platform.
Nonetheless, you need to stay vigilant, follow basic security protocols, and protect yourself from scams.
Here’s how to spot sophisticated rideshare schemes carried out by drivers and passengers.
About The Author