The world’s largest cab aggregator service, Uber, has reportedly been outgunned by Bengaluru-based Anand Prakash, who is an important part of Facebook’s bug bounty programme. The white-hat hacker (read: ethical hacker) found a bug in Uber’s payment system and claims it gave him access to free rides for a lifetime, anywhere in the world.
Anand wrote in a blog post: “This post is an interesting bug on Uber which could have been used to ride for free anywhere in the world. Attackers could have misused this by taking unlimited free rides from their Uber account.”
To understand how Anand found and exploited this bug, recall that Uber users create an account and pay either by cash or with a debit/credit card. However, “by specifying an invalid payment method, for example, abc, xyz etc, I could ride Uber for free.”
Anand reported this bug to the US-based multinational in 2016 and received a cash prize of $5000 after he successfully demonstrated the whole procedure to Uber. The hacker also obtained permission from Uber before posting the hack on his blog. The video below demonstrates it.
But don’t get too excited: Uber fixed the issue long before Anand posted about it on his blog. Interestingly, this is not the first time Anand has been in the hacking limelight. The Bengaluru resident was previously awarded a cash prize of $15000 by Facebook for digging out a bug in Facebook’s password system. Beyond that, he has been rewarded by companies like Twitter, Adobe and Google.