Recently, a few white hat hackers at Integrity have been very busy hacking Uber. What they ran across is quite scary. Hackers can hack into Uber and track where you are going.
To gather information about Uber subdomains, they needed to do a DNS brute-force.
To get a driver UUID you can, for example, request a random car, let the driver accept the trip and then cancel it. In the meantime, you are able to capture the driver UUID.
In the response to this request, they were able to get the driver name, license plate, last tripUUID, last passenger name, number of passengers, and the origin and destination of the trip.
Notice the TRIP # in this response? To get the full path of the trip, they ended up discovering a new functionality that returns it, along with the driver name, client name, license plate and even the car model.
They did not give details about this function at this moment.
Of course, there is a lot more information than I would care to go into. If you want, you could read the article here.