Uber-creepy: Dial-a-ride devs accused of stalking pop diva Beyonce
All the single ladies... your ex-techbro boyfriends may have snooped on you, too
A former Uber staffer claims the amateur taxi app maker routinely pried into customer records to spy on people, including celebrity riders and ex-partners of employees.
The allegations against the ride-sharing giant were made by Ward Spangenberg, a former forensic investigator at Uber who is now suing the Silicon Valley biz for age discrimination.
Spangenberg says in a court statement made as part of the case that Uber's administrative access to customer data (once dubbed "God mode") was routinely abused by employees to track their exes and follow the activity of celebrities – most notably, pop siren Beyonce.
"Uber's lack of security regarding its customer data was resulting in Uber employees being able to track high-profile politicians, celebrities, and even personal acquaintances of Uber employees, including ex-boyfriends/girlfriends and ex-spouses," the former employee and whistleblower claimed.
"I also reported that Uber's lack of security, and allowing all employees to access this information (as opposed to a small security team) was resulting in a violation of governmental regulations regarding data protection."
The comments Spangenberg made in court were backed up by several other employees in comments given to the Center for Investigative Journalism claiming that "thousands" of Uber employees are able to view detailed rider information and activity logs on the service.
The allegations surfaced just days after Uber was outed for tracking user activity even after rides end, and Spangenberg says the company's misdeeds go beyond privacy invasion.
He also claims that, while a member of Uber's incident response team, he was involved in efforts to thwart government raids of Uber branch offices. Spangenberg said that when the company got word of a pending police raid, it was standard practice to delete data and destroy equipment.
"I would be called when governmental agencies raided Uber's offices due to concerns regarding noncompliance with governmental regulations," he said.
"In those instances, Uber would lock down the office and immediately cut all connectivity so that law enforcement could not access Uber's information. I would then be tasked with purchasing all new equipment for the office within the day."
Uber did not respond to the allegations in the statement, citing a policy against commenting on active litigation. The company did, however, provide The Register with a statement on the allegations made to the Center for Investigative Journalism.
"It's absolutely untrue that 'all' or 'nearly all' employees have access to customer data, with or without approval. And this is based on more than simply the 'honor system': we have built [an] entire system to implement technical and administrative controls to limit access to customer data to employees who require it to perform their jobs," Uber said.
"This could include multiple steps of approval – by managers and the legal team – to ensure there is a legitimate business case for providing access." ®
Sponsored: Becoming a Pragmatic Security Leader