Mike Isaac’s Super Pumped (p. 208, 215) reports a May 2014 hack in which the names and license numbers of more than 50,000 drivers were compromised. Uber kept the hack secret, although California law required notifying authorities of a data breach.
Under guidance from new Chief Security Joe Sullivan, Uber finally reported the breach in February 2015, nine months after it occurred.
Mike Isaac’s Super Pumped (p. 207) that complaints about sexual misconduct and assault (typically though not exclusively between drivers and passengers) were so common that Uber created a twenty-one category classification system for these problems.
Mike Isaac’s Super Pumped (p. 197) reports a conversation between Travis Kalanick and Apple CEO Tim Cook. Kalanick told Cook: “The board is irrelevant. I hand pick all of these guys. They do what I tell them, and the way I’ve structured things, I do what I want.”
Mike Isaac’s Super Pumped (p. 193, 200, 203-204) explains how Apple concealed phones’ IMEI device IDs, but Uber found a way to circumvent this protection. Uber’s tactic increased its defenses against fake account scammers, but violated Apple’s rules regarding user privacy. To increase the likelihood that they’d be able to use this tactic, Uber kept it a secret — plus designed its circumvention code with “geofencing” so it would not function for users in greater San Francisco. But when an Apple tester outside California tested Uber’s app, Apple uncovered Uber’s ruse. Apple was angry not just about the circumvention of its privacy protections, but about the affirmative effort to avoid detection. Apple ultimately told Uber that if it ever again attempted this kind of deception, it would be kicked off of Apple devices permanently.
Mike Isaac’s Super Pumped (p. 190) describes lavish corporate real estate including a $40 million facility in Pittsburgh (hosting just 200 employees), a beachfront property in Santa Monica, and a new San Francisco facility for which the staircase alone cost multiple million dollars. In a war room, a switch could change all glass to frosted, to hide company secrets from outsiders.
Mike Isaac’s Super Pumped (p. 187) reports an Indian driver who threatened suicide due to reduction in Uber’s payments to drivers:
One incident involved an Indian man who arrived at an Uber outpost in hysterics, upset that Uber had yet again slashed prices. The man took out a canister, doused his body in gasoline and then brandished a lighter, threatening to set himself ablaze unless Uber raised its rates again. Security guards tackled the man, wrestled him to the ground, and stripped the lighter from his hands.
Mike Isaac’s Super Pumped (p. 187) reports the suicide of a driver in Hyderabad, India after he wasn’t able to make his car loan payment on time:
An angry mob of drivers—some who drove for Uber, others employed by taxi organizations all too happy to stoke anger—showed up outside of Uber’s offices in early 2017 with the dead body of the thirty-four-year-old driver, M Kondaiah, dumping the corpse on the company’s front doorstep. If Uber’s wages for drivers in India weren’t so low, the group claimed, Kondaiah would still be alive today.
Mike Isaac’s Super Pumped (p. 183) describes scams in China seeking to steal sign-up incentives:
[I]n China, drivers and riders colluded to scam Uber out of billions in incentives, divvying the rewards. Most scammers found each other over text-based Chinese internet forums, a simple, anonymous way to match people who wanted to make a quick buck. They developed their own codified language; drivers seeking a fake ride would ask for “an injection,” a reference to the small, red digital pin that signaled a user’s location inside the Uber app. A “nurse,” or scammer, could respond in kind to give a “shot” to the original poster by creating a new fake account and going on a fake ride with the driver. The two parties would then split the bonus incentive payment from Uber. Repeated over and over across dozens of cities, small driver bonuses mushroomed into millions in squandered cash.
The obvious solution was to better verify drivers and passengers, to prevent repeat signups. But this was off the table:
To juice growth, Kalanick had made the new user sign-up process as simple as possible. Joining Uber only required a name, email address, phone number, and credit card number, all of which were easily replicable. Fraudsters simply entered fake names and emails. Then they used apps like “Burner” or “TextNow” to create thousands of fake telephone numbers to be matched with stolen credit card numbers. But requiring Chinese users to add other, more precise, forms of identification would add more friction to the process. And, as Kalanick’s data scientists found in their research, adding friction slowed growth. For Kalanick, putting a dent in growth was not an option.
Isaac then explains the additional methods scammers implemented to create fake riders, including cheap cell phones and disposable SIM cards to simulate additional personas.
Mike Isaac’s Super Pumped (p. 182) reports drug traffickers and prostitutes using Uber for local transportation — and not even paying for it.
In Brooklyn, … credit card thieves used stolen card numbers to run drug trafficking and prostitution rings using Uber vehicles. The ruse was simple: the dealers would buy stolen credit card numbers from the Dark Web, then plug those numbers into the app to charge Uber trips to the stolen accounts. Over hundreds of trips per week they delivered drugs and call girls throughout New York City–all paid by Uber incentives or through chargebacks from credit card companies after the original card owners reported the fraud.
Mike Isaac’s Super Pumped (p. 172) reports that in 2014, Uber added a “Safe Rides Fee” — but used that revenue for general purposes, with no specific investment in safety. He quotes a former employee: “We boosted our margins saying our rides were safer. It was obscene.”