A former Uber security expert says Uber drivers are illegally helping men stalk their ex-girlfriends, as well as tracking the movements of politicians and celebrities — including Beyonce.
Ward Spangenberg, an Uber forensic investigator who was fired earlier this year, is suing the company for age discrimination, along with “whistleblower retaliation” after he spoke out about their lack of security with customer data.
As Spangenberg wrote in a court declaration back in October:
Uber's lack of security regarding its customer data was resulting in Uber employees being able to track high profile politicians, celebrities, and even personal acquaintances of Uber employees, including ex-boyfriends/girlfriends, and ex-spouses.
To make matters worse, Uber now allegedly tracks your location even when you're not using the app.
Spangenberg says that while working at the company he regularly took issue with what he considered to be“illegal practices,” and he believes he was fired for his dissent.
I also reported that Uber's lack of security, and allowing all employees to access this information (as opposed to a small security team) was resulting in a violation of governmental regulations regarding data protection and consumer privacy rights.
Spangenberg says he started voicing his concerns in March 2015 about these "reckless and illegal practices." Eleven months after voicing his objections, he says he was let go.
Uber denies these claims, saying its employees aren't allowed access to this sort of information. But as Reveal News (whom Spangenberg first took this story to) reports, “five former Uber security professionals” claim this just isn't true.
In reality, these security experts claim Uber's policy “basically relies on the honor system.”
When I was at the company, you could stalk an ex or look up anyone's ride with the flimsiest of justifications. It didn't require anyone's approval.
And Spangenberg would know, seeing as he helped create the security system that supposedly makes sure these privacy breaches don't happen.
In addition to the security vulnerabilities, Spangenberg said Uber deleted files it was legally obligated to keep. During government raids of foreign Uber offices, he said the company remotely encrypted its computers to prevent authorities from gathering information.
Uber responded to the allegations with a statement saying,
We have hundreds of security and privacy experts working around the clock to protect our data.
But it did admit it had to terminate several employees for “improper access." Uber says the number of offenders was “fewer than 10.”
So, uh, nine? Weird way of saying such a low number, Uber. Not inspiring a lot of trust.