Uber Security Head Says Users Need to Care More About Data After Breach

'We still haven't seen customers picking stronger passwords.'

Uber IT security head John Flynn. Diarmuid Greene/Collision

Uber (UBER) has been embroiled in numerous controversies over the last year, including a high-profile leadership change, a massive data breach and a lawsuit from Google’s Waymo.

According to the company’s security team, however, the main problem is users don’t care enough.

John Flynn, Uber’s chief information security officer, spoke on Tuesday at the Collision tech conference in New Orleans. He told moderator Alyssa Newcomb of NBC News that user expectations are evolving, and customers now expect Uber to do even more to protect their data.

But while passengers’ expectations are rising, Flynn said their behavior still hasn’t changed very much.

“Customers tend to not do a great job of protecting their own data,” he said. “We still haven’t seen customers picking stronger passwords and enabling protections. We still have to do a lot on behalf of the user.”

Because of this, the Uber app had to be redesigned to emphasize security and privacy. For example, users can now enable two-factor authentication and use it every time they enter the app so they’re in control of their data and experience.

“There’s now an expectation that customers are in control of their data and experience,” Flynn said. “It’s not enough to put those experiences on the backend.”

The company also strengthened the app so that if hackers do get into a user’s account, they can’t see credit card numbers or other compromising information.

Users can already request Uber data through the app’s support team, and the company will offer a self-service feature soon.

Uber has learned some tough lessons on the road to privacy.

Flynn testified before Congress in February about the security breach, and that experience taught him the importance of leveling with users.

“We’re being a lot more transparent by updating terms, and we’re committed to having an ongoing dialogue with regulators,” Flynn said.

The main person helping Uber transform from a scrappy startup into an actual business is CEO Dara Khosrowshahi. Flynn said the new leader “calmed things down quite a bit” by settling the Waymo lawsuit and refocusing the company.

Uber may have had a bumpy start in the data sphere and misjudged users’ preparedness and expectations.

But Flynn said startups should learn from Uber’s mistakes so new leaders and engineers don’t have to swoop in and save the day.

“You need to get the architecture right and get the products right from the beginning,” he said.
