Uber and Lyft Data Breach: SSN Leaks to Meta and TikTok Uncovered

Uber and Lyft Data Breach: SSN Leaks to Meta and TikTok Uncovered

November 16, 2024 Catherine Williams - Chief Editor Business

New research from Northeastern University shows privacy issues for gig workers applying for Uber and Lyft. When applicants fill out forms, they provide sensitive details like Social Security numbers. This data was unintentionally sent to TikTok and Meta, major social media companies, through tracking pixels on the application websites.

Tracking pixels are small codes used to track user behavior on websites. They help companies analyze website traffic but can also collect private information without users’ knowledge. David Choffnes, a computer science professor at Northeastern, explained that companies often use these trackers to improve targeted advertising.

Researchers found that Uber and Lyft used these pixels on their desktop sites, capturing personal data from job applications. When the researchers shared their findings, Uber and Lyft quickly fixed the issues, stating that the data collection was unintentional and preventable through simple configuration changes.

Choffnes noted that workers’ data should be handled differently from consumers’ data. Job applicants share critical personal information, unlike regular customers, who typically provide only basic contact details. Companies must be transparent about how they use applicants’ data and provide clear purposes for its collection.

How can gig workers protect their personal information⁤ when applying for jobs?

Interview with ‌David Choffnes: Addressing Privacy Concerns for Gig​ Workers Applying to Uber​ and Lyft

In a recent study by Northeastern University, alarming privacy issues were uncovered ​concerning gig workers applying ⁣for positions ⁣at Uber and Lyft. We sat down with David ‍Choffnes, a computer science professor at Northeastern and one of the leading⁣ researchers on this topic, to discuss ‍the findings and implications⁢ for data privacy for applicants.

Interviewer: Thank you for speaking with us today, David. ‌Can you explain what your research​ discovered regarding privacy issues for gig workers applying to‌ Uber and Lyft?

David Choffnes: Absolutely. Our research revealed​ that when job applicants fill⁢ out ⁣forms for Uber and Lyft, they inadvertently provide sensitive personal⁤ information, including Social Security numbers. Unfortunately, this data was unintentionally sent​ to major social media companies, TikTok and Meta, through tracking pixels embedded on the application websites.

Interviewer: ‍ What are tracking ⁤pixels, and how do they contribute to this issue?

David Choffnes: Tracking pixels are small snippets of code used to monitor and analyze user behavior on⁣ websites. While they are primarily intended​ to help⁣ companies⁣ track website traffic and improve targeted advertising, they can also collect private information, often without users being⁤ aware of it.

Interviewer: So, how did this happen with Uber and Lyft?

David Choffnes: Our investigation‍ showed that both companies were using these tracking pixels on their desktop sites. As a result, sensitive‍ personal ⁢data from job applications was captured and sent to third parties. Once we alerted Uber and Lyft about our findings, they promptly rectified the issue, stating that this data collection was unintentional and preventable through simple‌ configuration changes.

Interviewer: What do you​ think distinguishes​ the data ⁣provided⁤ by job applicants​ from⁣ that of regular consumers?

David Choffnes: That’s a crucial‌ point. Job applicants typically share highly sensitive information that goes beyond what regular customers ​provide, which ‍usually consists of basic contact details.⁢ Therefore, it ⁣is imperative that companies handle this type of data with heightened privacy protections and transparency. Applicants deserve to know how their ​data will be used and the specific purposes behind ⁣its collection.

Interviewer: ‍ How does the⁢ current data privacy landscape in the U.S. ​compare to that in other regions, like ‌Europe?

David Choffnes: Currently, ⁢the U.S. lacks comprehensive federal data privacy laws akin to those ⁤in Europe. This gap in regulation makes it even​ more critical for companies to adopt best practices voluntarily. We need better accountability and transparency in how companies handle sensitive data, particularly from job applicants.​ Consent statements should be⁣ clear and explicit during the data collection process.

Interviewer: What steps⁢ can applicants take to protect their data⁣ when applying ‌for gig jobs?

David Choffnes: Applicants must be vigilant⁢ and cautious. They should carefully read privacy policies and⁣ understand what information is ​being ‍collected and why.‍ Moreover, they should advocate that companies refrain from gathering sensitive data without explicit⁣ user consent. A strong emphasis on privacy protections⁢ and clearer communication regarding data⁤ sharing‍ is essential.

Interviewer: Thank you for‍ your insights, David. It’s clear ⁤that there’s⁤ much work to be done to ensure the privacy of gig workers and job applicants.

David Choffnes: Thank you for having ‍me.‌ It’s vital‌ that we continue to‍ raise awareness of these issues to foster a ‌safer data environment for everyone, especially ⁣those seeking employment.

Currently, in the U.S., there are no comprehensive federal data privacy laws like those in Europe. Choffnes calls for better accountability and transparency from companies. He advocates for clear consent statements during data collection processes.

To protect their data, applicants must be cautious. Choffnes argues that companies should not gather sensitive personal data without explicit user consent. He emphasizes the need for strong privacy protections and clearer communication regarding data sharing.