Lyft—Lyft unintentionally leaked driver Social Security numbers to Meta and TikTok via tracking pixels
Northeastern University research published November 2024 revealed Lyft unintentionally sent driver and applicant Social Security Numbers to TikTok and Meta. Lyft shared unsalted hashes of workers' SSN with Facebook (Meta) and TikTok when applicants used desktop website. Companies had added tracking pixels provided free by Meta and TikTok for web traffic analysis, but these pixels inadvertently collected data from private application web forms and sent it directly to social media companies. Issue only discovered when researchers applied for driver positions via desktop website. Represents major privacy vulnerability in driver onboarding process.
Scoring Impact
| Topic | Direction | Relevance | Contribution |
|---|---|---|---|
| Corporate Governance | -against | secondary | -0.50 |
| Data Security | -against | primary | -1.00 |
| User Privacy | -against | primary | -1.00 |
| Overall incident score = | -0.477 | ||
Score = avg(topic contributions) × significance (critical ×2) × confidence (0.57)× agency (negligent ×0.5)
Evidence (1 signal)
Northeastern research revealed Lyft leaked SSNs to Meta and TikTok via tracking pixels
Northeastern University research published November 2024 revealed Lyft unintentionally sent driver and applicant Social Security Numbers to TikTok and Meta through tracking pixels on desktop website application forms. 'Lyft shared unsalted hashes of workers SSN with Facebook (Meta) and TikTok' according to researchers. Pixels provided free by social media companies for web analytics inadvertently collected private form data.