A white-hat hacker, Anand Prakash, has identified a bug that allowed an attacker to take free Uber rides. Uber has rewarded Prakash for reporting the bug.
He writes in his blog,
“Attackers could have misused this by taking unlimited free rides from their Uber account.”
Anand Prakash is a security researcher who earns money by reporting vulnerabilities in websites. A few months ago he found a bug in Uber's system and, with Uber's permission, exploited it to get free rides.
Many tech companies run bug bounty programs, including Google, Facebook, Yahoo, and Microsoft. Prakash reported the bug through the Uber bounty program. Uber has rewarded hackers with amounts ranging from $100 to $10,000, depending on the importance of the vulnerability.
Uber paid Prakash $5000 for identifying the free-ride bug. He is ranked 14th in the Uber bounty program. Last year, Facebook rewarded him $15,000 for identifying a bug that could be used to hack Facebook accounts.
The vulnerability the hacker identified existed in the payment method. In a video, he demonstrated the use of an invalid method of payment; he dodged the system by specifying an invalid payment method.