Ex-Uber Employees Just Revealed Major Abuses With Your Data

uber app for iphone
Bloomberg/Getty Images

If you thought it was a little weird that the new Uber app can track your location even when you're not using it, you're really not going to like this latest brouhaha over privacy bubbling up around the ride-sharing behemoth.

According to several former employees, an egregious breach in security was enabling internal Uber employees to easily track individual users' whereabouts. And according to at least one of the whistleblowers, there were instances in which such access was used to do things like stalk ex-girlfriends and search for trip info of celebrities, including Beyoncé.

According to a report from Reveal from The Center for Investigative Reporting, the disturbing revelations were made back -- under penalty of perjury -- in October in a court declaration by the company's former forensic investigator Ward Spangenberg, who was fired earlier this year for violating a "code of conduct" and reformatting his computer. He's currently suing the $60 billion Silicon Valley unicorn for age discrimination and whistleblower retaliation, claiming the real reason he was axed was for objecting to what he considered to be the reckless and illegal handling of customer data.

He alleges that even though Uber -- after its executives came under fire for improperly monitoring riders using its "God View" tool -- claimed to restrict access to users' location data only to employees who might need it (for example, to investigate a user complaint or accident), it didn't. Instead, he said, it continued to allow broad access, which led to some employees using it to spy on the whereabouts of any user they wanted. This was corroborated by several other former Uber employees Reveal spoke with, including former senior security engineer Michael Sierchio, who blamed the company's rapid expansion and "growth at all costs" startup culture for letting security become an afterthought.

The former employees said Uber did institute some new safeguards, and would flag employees who attempted to gain access to user location data without proper authority. However, Spangenberg says that if you knew what you were doing you could easily access it without getting caught. In a response to Reveal about this, Uber said that it has fired "fewer than 10" employees for gaining improper access to such data.

Spangenberg's lawsuit also accuses the company of improperly destroying documents that it was supposed to keep pending anticipated lawsuits, as well as preventing government agencies from accessing computers when they were raided by authorities.

According to Reveal, Uber's response to Spangenberg's suit was that it "generally denies each and every allegation," he's made. Interestingly though, the company's most senior security executive sent out a company-wide email on Monday after the piece was published, referring to the article and reminding employees of their obligations when it comes to privacy.

Sign up here for our daily Thrillist email, and get your fix of the best in food/drink/fun.

Joe McGauley is a senior writer at Thrillist and still somehow on Uber's bad side.