Former employees say Lyft staffers spied on passengers

Similar to Uber’s “God View” scandal, Lyft staffers have been abusing customer insight software to view the personal contact info and ride history of the startup’s passengers. One source that formerly worked with Lyft tells TechCrunch that widespread access to the company’s backend let staffers “see pretty much everything including feedback, and yes, pick up and drop off coordinates.”

When asked if staffers, ranging from core team members to customer service reps, abused this privilege, the source said “Hell yes. I definitely looked at my friends’ rider history and looked at what drivers said about them. I never got in trouble.” Another supposed employee anonymously reported on workplace app Blind that staffers had access to this private information and that the access was abused.

Our source says that the data insights tool logs all usage, so staffers were warned by their peers to be careful when accessing it surreptitiously. For example, some thought that repeatedly searching for the same person might get noticed. But despite Lyft logging the access, enforcement was weak, so team members still abused it.

Lyft tells TechCrunch that staffers in several departments that might need access to this data for their job have the ability to look up this information. That includes data analytics, engineering (particularly those working on fraud or investigations), customer support, insurance and the trust and safety team. A Lyft spokesperson confirmed it’s investigating the issue and that there have been instances of enforcement in the past. They provided this statement:

Maintaining the trust of passengers and drivers is fundamental to Lyft. The specific allegations in this post would be a violation of Lyft’s policies and a cause for termination, and have not been raised with our Legal or Executive teams. We are conducting an investigation into the matter.

Access to data is restricted to certain teams that need it to do their jobs. For those teams, each query is logged and attributed to a specific individual. We require employees to be trained in our data privacy practices and responsible use policy, which categorically prohibit accessing and using customer data for reasons other than those required by their specific role at the company. Employees are required to sign confidentiality and responsible use agreements that bar them from accessing, using, or disclosing customer data outside the confines of their job responsibilities.

The news raises serious questions about proper data privacy at Lyft. While occasional access to rider data can be essential to some roles at the company, like if someone loses an item, widespread and improperly restricted access could be seen as a violation of riders’ trust. Lyft has tried to position itself as the friendlier, more ethical alternative to Uber, but staffers may have engaged in the same shady behavior.

An image of Uber’s former God View program

Back in 2014, BuzzFeed broke news that Uber used a system called “God View” that let staffers see details about riders and their trips. That led to an investigation by the New York Attorney General’s office. It struck a settlement with Uber where the startup agreed to limit access to designated employees using multi-factor authentication, establish someone to supervise privacy of the system and audit usage of it. Yet reports surfaced in 2016 that Uber employees were still abusing the system renamed “Heaven View.”

In early 2015, Lyft’s CEO Logan Green and president John Zimmer responded to questioning about data privacy at Lyft and Uber from Senator Al Franken, writing that “As recent events in our industry have made clear, customers may be justifiably concerned about a company making improper use of their trip data. We’ve taken this opportunity to reevaluate our own restrictions and protections to ensure that we are doing everything we can to keep our customers’ trip data safe.”

[gallery type="slideshow" ids="1591203,1591204,1591205"]

Today, though, TechCrunch received a tip about a supposed Lyft staffer with either a Lyft email address or public Lyft job listing who was using anonymous workplace app Blind to blow the whistle about data privacy abuse at the company.

They claimed that staffers could use Lyft’s backend software to view unmasked personally identifiable information. This was said to be used to look up ex-lovers, check where their significant others were riding and to stalk people they found attractive who shared a Lyft Line with them. Staffers also could see who had bad ratings from drivers, or even look up the phone numbers of celebrities. One staffer apparently bragged about obtaining Facebook CEO Mark Zuckerberg’s phone number.

Lyft employees are active on Blind, and wrong information is typically challenged. But no one came out contradicting the original report before press time, beyond one person saying that access was limited, logged and audited, though it’s not clear to what degree. They also noted that some unmasked personal data was visible in places it didn’t need to be.

Our source confirmed some of these practices to TechCrunch, saying they would check to see where their significant other was Lyfting to. “It was addictive. People were definitely doing what I was” they noted. New staffers were particularly keen to try it despite warnings to be careful.

The situation highlights how having policies against bad behavior inside fast-moving startups doesn’t necessarily prevent abuse. Diligent enforcement must also be undertaken despite the costs or time required.

Additional reporting by Sarah Perez