# Driver Data Breach Due To Uber's Own Fault, App Prone To Hacking! And Uber IS A Tech Company??



## Sanjay (Oct 31, 2014)

This is the most detailed article on Uber Drivers' Data Breach

*Fork me! Uber hauls GitHub into court to find who hacked database of 50,000 drivers*
*http://www.theregister.co.uk/2015/02/28/uber_subpoenas_github_for_hacker_details/*


----------



## Sanjay (Oct 31, 2014)

Another article from today, where an iOS engineer was able to access Uber Employee settings within the Uber App:
*
I accessed employee settings on Uber app & found per minute & base fare could be changed each ride*
By @nmock on Twitter
https://medium.com/@nmock/accessing-employee-settings-on-uber-a3ecc5542315


----------



## Sanjay (Oct 31, 2014)

*UBER STATEMENT*
POSTED BY KATHERINE TASSI
http://blog.uber.com/2-27-15

"Our investigation determined the unauthorized access impacted approximately *50,000 drivers across multiple states, which is a small percentage of current and former Uber driver partners."*

How is 50,000 Drivers "a small percentage of current and former Uber driver partners" when according to Uber's own numbers there were ~75,000 active drivers in May 2014? Let's assume there were 150,000 former drivers in May 2014,
50,000/(75,000+150,000) = 22%!









http://venturebeat.com/2015/01/22/i...s-joined-in-december-and-average-19-per-hour/


----------



## UberCemetery (Sep 4, 2014)




----------



## UberCemetery (Sep 4, 2014)




----------



## Sanjay (Oct 31, 2014)

*In major goof, Uber stored sensitive database key on public GitHub page*
*http://arstechnica.com/security/201...sensitive-database-key-on-public-github-page/*


----------



## Sanjay (Oct 31, 2014)

*Apparently the Driver Data Breach was due to Uber's own **** Up!*

"The language has led to widespread speculation that the pages at issue were made by an Uber employee or contractor who stored a confidential authorization key on the GitHub service. One or more of the unknown John Doe defendants then found the key some time in 2014 and used it to access the Uber database. *Uber officials declined to comment on the record, but the company didn't challenge the claim.*"


----------



## Sanjay (Oct 31, 2014)

And the letter to Drivers confirms that the Data Breach was due to Uber's own recklessness!


----------



## Oc_DriverX (Apr 29, 2014)

Has anyone here received any notification of Uber that they were involved in the data breach? I believe there are several active CA members who were around back them who could have possibly been affected. I believe that I could have been in that data set as well, but so far, I have not seen anything from Uber.


----------



## Sanjay (Oct 31, 2014)

Oc_DriverX said:


> Has anyone here received any notification of Uber that they were involved in the data breach?


@Sydney Uber received the notification.
https://uberpeople.net/threads/important-notice-from-uber-fraud-alert.14792/


----------



## Oc_DriverX (Apr 29, 2014)

Sanjay said:


> @Sydney Uber received the notification.
> https://uberpeople.net/threads/important-notice-from-uber-fraud-alert.14792/


Thank you for the link. What is odd is that I thought a story I had read indicated that the names that were compromised were from CA.


----------



## UberGirl (Jul 3, 2014)

I got it...


----------

