Uber links to sensitive ride data now expire after 48 hours
Some of the links, which contain exact addresses for rides, are accessible through search engines
By Zach Miners
Uber has tweaked one of the features in its app after it was shown to let sensitive trip data become publicly accessible through Google.
The feature lets Uber customers share their ETA, via SMS, with friends and family during a ride. The text that’s sent includes a link to a live map that shows where the rider is during the course of the ride, just like the map shown on the rider’s own smartphone.
On Thursday, links to dozens of the maps could be found on search engines like Google, by performing a site search of trip.uber.com. In addition to the route, the maps show the first names of the rider and driver, and the car and license plate of the driver. On these sites, the source code also includes the exact addresses of the pick-up and destination, and the exact date and time of the ride.
The links were publicly accessible through Google because they had been shared online on social media sites by the people who had received them, Uber said.
Now, riders can continue to share links to the maps, but the links will expire after 48 hours. Uber chief information security officer John Flynn announced the change in a tweet on Friday.
Riders can continue to share their trip links publicly, but now they expire after 48 hours. h/t @mikko