Skip to main content
  1. Home
  2. Computing
  3. News

Uber launches bug bounty program with top prize of $10,000

Jonathan Keane
By

uber bug bounty program
Uber is the latest company to launch its own bug bounty program for white hat hackers with rewards of up to $10,000 for discovering serious flaws.

From May 1, security researchers will have three months to research and disclose any vulnerabilities they can find in Uber’s websites and apps. Uber is making public what it calls a “treasure map” of its code to help security researchers examine the code for any issues. The bug bounty program was previously in beta but will now be open to anyone to try.

Multiple bugs found will result in bonus rewards to encourage hackers to stay loyal to Uber and continue scrutinizing its security for the better. Some of the vulnerabilities it is looking for include cross-site scripting and SQL injection.

Related

Hackers will have to privately disclose their findings to Uber and only after the bug has been patched will the details be made public.

Critical vulnerabilities will pay $10,000, and include things like remote code execution or exposing user data. “Significant issues” such as cross-site scripting and failed authentication features will pay $5,000, while “medium issues” will pay $3,000 for less serious bugs that don’t expose any personal identifiable information (PII) on users.

The bug bounty program comes after Uber experienced its fair share of security problems. A 2014 data breach exposed 50,000 Uber drivers’ personal details. The company failed to act on it for months and ultimately paid a $20,000 fine in the state of New York. The source of the breach even led to accusations involving Uber’s competitors.

Meanwhile compromised user accounts have been spotted on the dark Web selling for as little as a $1 apiece with few details on how exactly they were breached. Finally, in an embarrassing episode in January the personal information, including a social security number, of one Uber driver in Florida was accidentally sent out to thousands of other drivers.

Editors' Recommendations

Topics
These 7 AI creation tools show how much AI can really do
Metaphor works like DALL-E and Stable Diffusion but uses AI to fill in prompts with links instead of text or images.
If you use PayPal, your personal data may have been compromised
A person holds a mobile phone with the PayPal app open.
How to fix audio issues in macOS
Apple MacBook Gold 2015 speaker grill
The best password managers for 2023
have i been pwned owner uncovers 13 million plaintext passwords leaked from free webhost is a safe password even possible we
This 8K monitor has 3D tech that can be viewed from all angles
A BOE 8K display.
Microsoft continues its unabashed embrace of ChatGPT and AI
OpenAI and MIcrosoft logos appear over a computer generated background.
Don’t fall for this Mac Mini M1 deal — buy this instead
apple mac mini m2 deal february 2023 resized
No, AMD CPUs and GPUs won’t get cheaper — the CEO reveals why
AMD CEO Lisa Su delivering AMD's CES 2023 keynote.
Best Gaming PC Deals: Save on RTX 3070, 3080, 3090 PCs
The Alienware Aurora R10 Ryzen Edition Gaming Desktop, placed on a desk.
Don’t miss this Samsung Galaxy Book 3 Ultra pre-order deal
Someone typing on the Samsung Galaxy Book 3 Ultra.
Experts fear ChatGPT will soon be used in devastating cyberattacks
The ChatGPT name next to an OpenAI logo on a black and white background.
Lenovo’s Surface-style Chromebook just got a big price cut
The new Lenovo Chromebook Duet 5 sitting on a desk.
Save $620 on this Lenovo gaming laptop with an RTX 3070
The Lenovo Legion 5 Pro gaming laptop on a table.