Skip to main content
  1. Home
  2. Computing
  3. News

Uber launches bug bounty program with top prize of $10,000

Jonathan Keane
By

uber bug bounty program
Uber is the latest company to launch its own bug bounty program for white hat hackers with rewards of up to $10,000 for discovering serious flaws.

From May 1, security researchers will have three months to research and disclose any vulnerabilities they can find in Uber’s websites and apps. Uber is making public what it calls a “treasure map” of its code to help security researchers examine the code for any issues. The bug bounty program was previously in beta but will now be open to anyone to try.

Multiple bugs found will result in bonus rewards to encourage hackers to stay loyal to Uber and continue scrutinizing its security for the better. Some of the vulnerabilities it is looking for include cross-site scripting and SQL injection.

Hackers will have to privately disclose their findings to Uber and only after the bug has been patched will the details be made public.

Critical vulnerabilities will pay $10,000, and include things like remote code execution or exposing user data. “Significant issues” such as cross-site scripting and failed authentication features will pay $5,000, while “medium issues” will pay $3,000 for less serious bugs that don’t expose any personal identifiable information (PII) on users.

The bug bounty program comes after Uber experienced its fair share of security problems. A 2014 data breach exposed 50,000 Uber drivers’ personal details. The company failed to act on it for months and ultimately paid a $20,000 fine in the state of New York. The source of the breach even led to accusations involving Uber’s competitors.

Meanwhile compromised user accounts have been spotted on the dark Web selling for as little as a $1 apiece with few details on how exactly they were breached. Finally, in an embarrassing episode in January the personal information, including a social security number, of one Uber driver in Florida was accidentally sent out to thousands of other drivers.

Editors' Recommendations

Microsoft’s emoji library goes open source

The design process of emoji.

The most common Microsoft Teams problems, and how to fix them

A close-up of someone using Microsoft Teams on a laptop for a videoconference.

Selling something online? Watch out for this clever new scam

An individual holding a phone and card.

WhatsApp adds new privacy features that everyone should start using

The WhatsApp app icon on a phone with other messaging apps.

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Elon Musk talks to the press as he arrives to to have a look at the construction site of the new Tesla Gigafactory near Berlin.

How to delete files on a Chromebook

Lenovo IdeaPad Duet 5 Chromebook open on a table.

How to factory reset an HP laptop

HP EliteBook 840 Aero G8 sitting on desk.

How to watch Samsung Galaxy Unpacked August 2022

Samsung executive TM Roh

Best Phone Deals: Save on Google Pixel 6, Galaxy S22 Ultra

Galaxy S22 Ultra and iPhone 13 Pro cameras seen from the back.

The best 4K 120Hz gaming monitors for 2022

Two people playing a video game.

Best iPhone deals and sales for August 2022

iPhone 13 Pro in blue.

Best tablet deals for August 2022

apple ipad air pro deals best buy macmall work from home sale 10 5 review screen angle 1 3 768x768

Best Dyson Deals: Save on purifying fans, cordless vacuums

The Dyson Cyclone V10 Animal cordless vacuum cleaning a mess made by a baby.