Recently, a bug in Uber services allowed hackers to order food and book rides on the customer’s account, that too at the victim’s expense. According to Uber, they have finally sorted out this mess. Anand Prakash, a cybersecurity researcher first found this bug and brought this to Uber’s knowledge.
Prakash was able to access an account’s unique user ID by supplying a phone number or email address associated with an account to Uber’s API. This API is used to send information to Uber app developers to make sure that the app is working well without any problems with other apps like Google Maps which helps the customer to hail a ride from his/her location.
Uber had paid $6,500 for discovering this fatal flaw in the system. According to Uber, the developers at Uber were quick to fix the problem, and reportedly the problem was fixed just days after it was brought to the Uber’s attention. Even though this was made into news, Uber claims that the flaw was just a flaw and that it was not used for criminal purposes by anyone. Uber takes extreme precaution, and if a login was done in a new device using the credentials of a customer, the customer gets an instant notification right away, and Uber asks them to confirm the activity or prompting them to reset their credentials.
Uber’s bug bounty program has paid over $2m to more than 600 researchers around the world and we’re grateful for their contributions to help protect the Uber platform. – They assured
Somewhat of a similar method was used by a hacker on Facebook in 2018 and due to this, 30 million Facebook accounts were compromised. It is not sure yet why this attack had taken place on Facebook. With Uber’s such a large consumer base, it is hoped that the customers would not fall victim to such attacks in the future.