Lyft employees allegedly abuse company’s ride-tracking software

Using Amazon Redshift, Lyft employees can gain access to customer identification data

Lyft app

It seems that U.S.-based ride-sharing services can’t stay out of trouble.

According to the Information, Lyft is currently investigating allegations that employees abused the service’s ride-tracking software to track romantic partners and celebrities.

The allegations were brought forward by a Lyft employee who published a lengthy post detailing concerns about the company to Blind — an app exclusively accessible to individuals with an email address from tech companies like Microsoft, Apple and Google.

According to this employee, individuals at Lyft who are given access to Amazon Redshift — a data warehouse service that logs personally identifiable information (PII) — can use the service to “query any and all data,” including phone numbers.

In response, Lyft issued a formal statement, explaining that these specific allegations “would be a violation of Lyft’s policies and a cause for termination, and have not been raised with our legal or executive teams.”

The company’s co-founders John Zimmer and Logan Green also sent employees a letter, explaining that the company was aware of the allegations.

“We also want to ensure that everyone continues to feel empowered to speak up if they see something that doesn’t seem right,” reads an excerpt from the letter, confirmed to MobileSyrup by Lyft.

Interesting to note is that Lyft hasn’t denied that certain employees have access to privileged customer information. Instead, those employees who do have access are monitored and supervised, while their overall activity is logged.

“Access to data is restricted to certain teams that need it to do their jobs,” a Lyft spokesperson told MobileSyrup via email. “For those teams, each query is logged and attributed to a specific individual. We require employees to be trained in our data privacy practices and responsible use policy, which categorically prohibit accessing and using our customer data for reasons other than those required by their specific role at the company.”

Lyft added that if these allegations are true, they are the work of a single bad actor and are not representative of the company as a whole.

The privacy concerns raised by the Lyft Redshift allegations are similar to the concerns raised by Uber’s ‘God View’ tracking tool.

According to BuzzFeed News — the first publication to break the God View story — the tool allowed Uber employees to track customers using the location data regularly collected from individuals who use the ride-sharing app.

Uber ultimately paid $20,000 USD in a settlement fine due to the God View tool.

Lyft launched in Toronto and the GTA in December 2017.

MobileSyrup has reached out to Lyft for comment, and this story will be updated with a response.

Source: The Information, TechCrunch