Joe Sullivan, Uber's chief security officer, in response, said that the links were shared deliberately by users.
But even though the links may have been deliberately shared online, users likely were not aware that they would contain sensitive data in the source code, or that anyone could find them through Google.
Those revelations might raise new privacy concerns among some Uber users. Some users might decide to stop using the share ETA feature, while others who are sent the links might now opt not to post them online.
Uber has previously faced controversy over its data policies, and the level of access company employees have to individual riders' trip data.
Late last year, Uber brought in a Washington, D.C., law firm to review its data policies, after attention had been brought to a so-called "god view" tool that let employees view rider logs and trip histories.
But this time, in the case of ride links shared online by users, it might be Uber customers who find themselves having to perform a privacy check of their own.
Sign up for Computerworld eNewsletters.