Uber employees regularly used the firm’s “God View” feature to track politicians, celebrities and ex-boyfriends and girlfriends, according to a court declaration given by its former forensic investigator Samuel Ward Spangenburg.
Spangenburg, who made the allegations under penalty of perjury, is currently suing Uber for age discrimination and whistleblower retaliation.
He says he was fired 11 months after telling the company’s head of information security and HR chief about his concerns over the lack of security.
“Uber’s lack of security regarding its customer data was resulting in Uber employees being able to track high-profile politicians, celebrities, and even personal acquaintances of Uber employees, including ex-boyfriends/girlfriends, and ex-spouses,” Spangenberg wrote in his court declaration.
BuzzFeed revealed two years ago that the firm had a “God View” feature which enabled staff to track customers without their permission.
After the feature was exposed, Uber said it had strict policies to prohibit employees from accessing users’ trip information with limited exceptions.
But five former Uber security professionals told Reveal that the company had continued to allow broad access to the sensitive data.
According to the Reveal report, “thousands” of employees could get details of where and when each customer travels.
Uber drivers, who are officially contractors, are not privy to this information.
In a statement shared with several media organisations, including the Huffington Post, a spokesperson said:
“Uber continues to increase our security investments and many of these efforts, like our multi-factor authentication checks and bug bounty program, have been widely reported. We have hundreds of security and privacy experts working around the clock to protect our data.
“This includes enforcing strict policies and technical controls to limit access to user data to authorised employees solely for purposes of their job responsibilities, and all potential violations are quickly and thoroughly investigated.”
The company said it had replaced “God View” with “Heaven View” and logged and routinely audited access to customer data.
The spokesperson denied that “nearly all” of its employees had access to customer data, with our without approval.
Uber paid $20,000 (£13,700) and promised to strengthen privacy policies in January to settle an investigation by New York’s attorney general, the BBC reported.
The firm did not immediately respond to The Huffington Post UK’s question about the number of employees who have access to Heaven View.
The allegations come just days after users branded an update that gives the app access to customers’ locations for up to five minutes after they are dropped off “creepy” and “arrogant”.