The Uber ride-sharing service is dogged by its fair share of controversies, and now another one has emerged which suggests - like many online companies before it - it has grown too big, too fast, and not had security embedded in its soul.
As Motherboard reports, records from its South California operations have been accidentally exposed on the internet - revealing the phone numbers of some customers, and that at least two drivers were demanding financial payments for the return of items left in the back of vehicles.
Motherboard reporters were able to access what should have been an internal webpage, showing 155 items in the Uber district's lost-and-found directory, including the usual array of iPhones, credit cards, wallets, spectacles and selfie sticks.
Two hours after the press published a story about the data leaking from Uber, the webpage was removed from public access.
Such a leak of information is, of course, evidence of not just bad design - but also an indication that privacy and security are not part of the company's DNA.
Maybe in time, if it lasts that long, Uber will learn that the privacy of customers is sacrosanct and everything should be done to make mistakes like this impossible. But until that day, you have to cross your fingers and trust that they're not going to have another accident, or indeed dump you on the side of a motorway at 3am.
My guess is that Uber hasn't learnt to walk the privacy walk yet. In fact, my guess is that they're probably still crawling.