RealTime IT News

Uber Pays Security Researcher $10K for Critical Flaw

Uber at its core is not a taxi company, it's a technology service and one of its primary assets is user information.  Uber recently closed a high impact flaw in its platform that could have potentially put that user information at risk.

While the vulnerability itself is interesting, so too is the means and method by which the vulnerability was discovered in the first place.  Though Uber is a technology company, it didn't discover the flaw on its own, but rather by way of a third party researcher, participating in a bug bounty program.

"Through the endpoint at /rt/users/passwordless-signup it is possible to change the password of any Uber user, given knowledge of their phone number (or by just enumerating phone numbers until one is found that is registered with Uber - not too hard given the number of Uber users),"  Hackerone bug report 143717 details.

Read the full story at eWEEK:
Uber Flaw Discovery Shows Why Bug Bounty Programs Are Important

Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.