I Could Have Hacked All Uber Accounts- But I Chose to Report it Instead

Written by appsecure | Published 2019/09/13
Tech Story Tags: uber | bug-bounty | api | bounty | latest-tech-stories | hacked-all-uber-accounts | hacked-uber-accounts | getting-user-of-uuid-uber-user

TLDR This is being published with the permission of Uber under the responsible disclosure policy. The vulnerability detailed in this blog post is being disclosed by Anand Prakash of AppSecure. This was plugged quickly by the security team at Uber. This issue is similar to Facebook’s access token leak which was discovered last year https://techcrunch.com/2018/09/28/facebook-says-50-million-accounts-affected-by-account-takeover-bug/via the TL;DR App

no story

Written by appsecure | Founder PingSafe.
Published by HackerNoon on 2019/09/13