Account Takeover Bug in Uber, Found by an Indian Researcher, Is Fixed

Uber is a global success in the cab ride business, but a bug was recently discovered in the Uber app. Anand Prakash, an Indian researcher, found a bug that lets hackers log into anyone’s Uber account.

For his help, Uber paid Prakash a reward of $6,500, which is about Rs 4.6 lakh. The reward was for reporting the bug to Uber, which helps the company improve customer experience and safety on its platform.

Prakash provided complete details about the bug, which lets hackers take over accounts on Uber. Inc42 reported that Uber Eats and partner accounts can also be taken over using this bug.

Prakash’s blog revealed that the bug was present in an API request function of the Uber app. Using this bug, hackers can take over the accounts of users, including riders, Eats users, and partners. By supplying a user’s UUID in an API request, an attacker can get a token that is leaked in the response and use it to hijack the account. Any user’s UUID can itself be derived from their phone number and email address.

As a result, a hacker can track your location, the number of rides you have taken, and other information about your account. The bug also lets them take over Uber driver and Eats accounts.

The bug was fixed quickly through Uber’s bug bounty program. Uber has paid more than $2M to researchers around the world in order to protect its platform. Top researchers from India are also part of this effort. Prakash also helped Uber remove a bug that let a person use Uber cabs for free for a lifetime.
