Today, Valleywag got its hands on leaked screenshots of Uber's dashboard, along with a series of numbers from two weeks ago that show raw revenue, signups, active clients and ride request/completion ratios. TechCrunch has verified with a source that this is Uber's official dashboard.
TechCrunch also contacted Uber, who said that they would ‘take action’ against the leaker. They did not deny the authenticity of the screenshots and numbers.
The numbers span a period between mid-October and mid-November of 2013 and allow us to form a picture, though incomplete, of Uber's income and user statistics over the period. According to our calculations based on the information laid out in the dashboard screenshots - and assuming some similarity in numbers for the rest of the year - the car service should be pulling in over $1B a year in gross bookings. At a rough 20% cut, a figure Valleywag notes Kalanick has alluded to, that would place Uber's slice of the revenue around $213M a year.
The five week period also showed over 11% in revenue growth, with over 398,000 new signups in aggregate at just under 80k each week. Uber is also clocking around 1M requests every week and completing around 800k each week. The data points to a healthy business which maintains a strong ratio of continuing users to new signups and big ‘conversion’ rates between people who look at the app and people who actually use it.
A recent filing uncovered by Kara Swisher at All Things D put Uber's valuation at $3.5B, and sources had pegged revenue for 2013 at around $125M. Going by that, Uber is doing significantly better than estimated.
We contacted Uber CEO Travis Kalanick about the leak, and he did not deny that the numbers were accurate. He also had a few things to say about how the story was reported by Valleywag.
“The surprising part is that Valleywag knowingly outed their own source. Valleywag actually knew the screenshot had identifying information of the individual leaker prior to them publishing this story,” Kalanick told TechCrunch in a statement. “We told Nitasha Tiku from Valleywag that we would protect her source from legal ramifications if they did not publish the document. Nitasha and Valleywag decided to publish anyways. We obviously take the dissemination of our proprietary information seriously and we will be looking to take action against the individual leaker and Valleywag source in short order.”
TechCrunch then reached out to Gawker about the details of how the piece was reported. Editor John Cook told us that the screenshots did not, in fact, have any identifying information.
“We didn't publish any identifying information about the source of the screengrab,” Cook says. “We don't know who sent us that shot, and neither does Uber. As you know from reading the piece, the person who sent us the information got it after an unidentified Uber employee logged into an Uber administrative console from a computer that our source had access to,” Cook wrote.
“When we reached out to Uber last night, CEO Travis Kalanick helpfully confirmed the veracity of the information by threatening to claim we ‘outed’ our source by failing to redact the timestamp information displayed in the screengrab. What he fails to understand–or is lying about in an effort to smear a critical reporter–is the fact that the person who provided us that screengrab is not the person who logged into Uber's administrative console. If Kalanick retaliates against that employee, he will not be punishing our source.”
Regardless of the details of how they were leaked, it seems clear that these are indeed screenshots of Uber's internal dashboard. And the vehemence of the response by Uber also appears to indicate that the information on the dashboard is revealing.
Note, of course, that the interpretation of the data is not confirmed, and we're only working off of leaked information here. The math is rough, to say the least, and whatever this is, it's likely not a complete snapshot of Uber as a company. If the readings by Valleywag, and our own crunching, are correct though, Uber is in fantastic shape.
Article Title updated to refer to revenue, rather than profit.
Wendy's is ending the run of its wildly successful pretzel bun, bringing out a brioche burger to end a year full of innovative buns.
Trainee tweeted some personal comments about a sportswoman. Could we be facing a libel action?
Financial Times - Entrepreneurship
Chad Hurley of YouTube is feeling the wrath of Kimye after releasing a video of their marriage proposal.
NoSQL Database hosting service MongoHQ, a Y Combinator alum, has suffered a major security breach that appears to be a major factor in an attack over the weekend on Buffer, the social media scheduling service. The MongoHQ intrusion is affecting customers of the hosting service and potentially also their S3 storage accounts on Amazon Web Services (AWS).
MongoHQ Co-Founder Jason McKay, in an open letter on the company web site, wrote that they discovered the breach yesterday when they detected “unauthorized access to an internal support application using a password that was shared with a compromised personal account.” In other words, an employee was fooled into giving up their account credentials. To MongoHQ's detriment, the internal support application was exposed to the Internet. There was no virtual private network (VPN) to fully protect the back-end of the service. MongoHQ has now taken steps to put a VPN into place.
On Hacker News, Buffer CEO Joel Gascoigne still took full blame, saying the tokens they used were not encrypted.
“If access tokens were encrypted (which they are now) then this would have been avoided. In addition, MongoHQ have provided great insights and have much more logging in place than we have ourselves. We're also increasing logging significantly as a result.”
The attack looks like it could have been a lot worse, said JumpCloud CEO David Campbell in a phone interview today. JumpCloud protects users through its management platform, which stores cloud server keys for administrators. The platform abstracts the password process, preventing attacks by dropping a small piece of software on the customer's cloud server. It is an agent-based approach similar to the way companies such as New Relic provide application performance management. The agent records the data from the server, monitoring it for unusual spikes in network loads and other unusual events.
Luckily, MongoHQ used bcrypt, which is designed to slow down brute-force attacks using powerful computers or corrupted server clusters, Campbell said. In these attacks, there is a brute force attempt to crack passwords. These attacks can access systems fairly easily if there is not something to slow them down. That's why the LinkedIn attack last year was so significant. There were not the protections in place to slow the attacks. It is believed about six million passwords were stolen.
Still, whoever accessed the accounts systematically went through the system, accessing customer accounts:
“Our support tool includes an ‘impersonate’ feature that enables MongoHQ employees to access our primary web UI as if they were a logged in customer, for use in troubleshooting customer problems. This feature was used with a small number of customer web UI accounts. Our primary web UI allows customers to browse data and manage their databases. We are contacting affected customers directly.
“We have additionally determined that an unauthorized user to our support system would have had some access to our account database, which includes connection info for customer MongoDB instances.
“We've conducted an audit of direct access to customer databases and determined that several databases may have been accessed using information stored in our account database. We are contacting affected customers directly. If you have not heard from us individually, there is no evidence that your DB was accessed by an unauthorized user.”
MongoHQ has also taken steps to invalidate the AWS credentials it stored for customers as part of backing up to S3. Customers that use the same credentials on AWS as they do on MongoHQ are particularly vulnerable. AWS has created “Premium Support” cases for all affected accounts, to assist customers with establishing new credentials, as needed.
This is a major attack that reflects on the poor state of security in the startup community. It shows the need for services like JumpCloud and more emphasis on how companies enforce user management.
A two-month absence from my string quartet has led to an attempt to force me out
Financial Times - Entrepreneurship
A legal dispute over Google's practice of tracking users to create targeted advertisements ended Wednesday as a federal judge ruled in the company's favor.
A class action lawsuit, titled Google Inc. Cookie Placement Consumer Privacy Litigation, was brought by web browser users who alleged that Google avoided browser security settings, using cookies to track usage on computers and mobile devices. The plaintiffs alleged that the company wrongfully maneuvered its way through browser security. They further claimed that this tracking information informed Google's use of targeted ads.
We worry a lot over the mistakes we’ve made, and that’s a good thing up to a point. It can help us become better people. But eliminating mistakes altogether isn’t the best goal — in fact, some studies have shown it makes you more likeable.
The Australian tourism industry is rebounding as more international visitors are making the voyage overseas and those figures are set to improve with the dollar now heading below parity.
Pakistan’s Sindh Province To Ban Skype, Viber For 3 Months Over Terrorist Usage, Demanding More Data Access
Pakistan is known for a long-standing ban on YouTube and occasional blocks of sites like Facebook and Twitter. Today, the government in one large part of the country said that it was planning to block two more social media services — Skype and Viber.
According to a report in the Express Tribune, the government of the Sindh province — home to over 35 million people, including those living in its capital, Karachi — is planning a three-month block of the two messaging platforms because they are being used by terrorists who want to avoid conversations getting monitored on regular mobile networks. To that end, the government apparently also is requesting further access to data being passed through networks like Viber and Skype.
The newspaper reports that for right now it’s just these two services that will be affected, although the ban could possibly also be extended to Tango and WhatsApp. It does not say when the ban will begin.
We have reached out to both Skype and Viber for comment and will update the story as we learn more.
The decision to ban the networks was made between Sindh Chief Minister Qaim Ali Shah and officials from the Karachi police, intelligence agencies and others. In other words, it doesn’t sound like there has been much in the way of official dissent. It’s not a great message for freedom of speech in the country, even if those channels clearly are getting abused by some.
In a country with a lot of political strife and distribution with large geographic obstacles, communications networks are a lifeline for many ordinary, law-abiding people, too. Unfortunately, Pakistani residents are no strangers to Internet service blockages. In addition to the periodic outages from sites like Twitter and Facebook, and the extended block of YouTube, it looks like the mobile networks also get shut down periodically, also to cool down terrorist chatter.
The YouTube ban appears to be more about blasphemous content rather than direct issues related to terrorism. It is currently getting reassessed as part of a wider look at a new filtering program for digital content, much like the one used in Russia today.
TechCrunch » Social