Uber launches bug bounty program with top prize of $10,000

Uber is the latest company to launch its own bug bounty program for white hat hackers with rewards of up to $10,000 for discovering serious flaws.

From May 1, security researchers will have three months to research and disclose any vulnerabilities they can find in Uber’s websites and apps. Uber is making public what it calls a “treasure map” of its code to help security researchers examine the code for any issues. The bug bounty program was previously in beta but will now be open to anyone to try.

Researchers who find multiple bugs will earn bonus rewards, an incentive for hackers to stay loyal to Uber and keep scrutinizing its security. Some of the vulnerabilities it is looking for include cross-site scripting and SQL injection.

Hackers will have to privately disclose their findings to Uber and only after the bug has been patched will the details be made public.

Critical vulnerabilities, which include things like remote code execution or exposing user data, will pay $10,000. “Significant issues” such as cross-site scripting and failed authentication features will pay $5,000, while “medium issues,” less serious bugs that don’t expose any personally identifiable information (PII) on users, will pay $3,000.

The bug bounty program comes after Uber experienced its fair share of security problems. A 2014 data breach exposed 50,000 Uber drivers’ personal details. The company failed to act on it for months and ultimately paid a $20,000 fine in the state of New York. The source of the breach even led to accusations involving Uber’s competitors.

Meanwhile, compromised user accounts have been spotted on the dark web selling for as little as $1 apiece, with few details on how exactly they were breached. Finally, in an embarrassing episode in January, the personal information of one Uber driver in Florida, including a social security number, was accidentally sent out to thousands of other drivers.

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…