Hackers target Uber, find a bunch of holes

A group of hackers from a security company in Portugal managed to hack into Uber and get their hands on a bunch of data that should remain hidden.

A team of three experts, Vitor Oliveira, Fábio Pires and Filipe Reis from Integrity, found a total of six flaws: they managed to use promotion codes, found private emails using UUID, found users' phone numbers, created driver accounts, validated them, found where you went, who your driver was, and who you are and, ultimately, the date of the trip, the driver's name and picture, the ID and the cost of the trip. The route map was also disclosed.

All these vulnerabilities were kept secret until Uber issued fixes, so you can now sleep peacefully. However, this still doesn't mean that someone didn't manage to get their hands on this information earlier.

The crew decided to pursue these vulnerabilities because Uber issued a bounty for whoever finds any. In the researchers' report, there is no mention of how much money they got for finding these.

They did, however, praise Uber for its fast response when it comes to patching the issues up.

“With this being said, we think that Uber has one of the best bug bounty programs, with great payouts. From a pentester’s view, the security team takes this program very seriously by trying to resolve all the issues as fast as they can.”

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.