The company already patched an API flaw that allowed a security researcher to use the app to find the real identity of drivers using it. Read more