1. Computing

Uber launches bug bounty program with top prize of $10,000

By

uber bug bounty program
Uber is the latest company to launch its own bug bounty program for white hat hackers with rewards of up to $10,000 for discovering serious flaws.

From May 1, security researchers will have three months to research and disclose any vulnerabilities they can find in Uber’s websites and apps. Uber is making public what it calls a “treasure map” of its code to help security researchers examine the code for any issues. The bug bounty program was previously in beta but will now be open to anyone to try.

Multiple bugs found will result in bonus rewards to encourage hackers to stay loyal to Uber and continue scrutinizing its security for the better. Some of the vulnerabilities it is looking for include cross-site scripting and SQL injection.

Hackers will have to privately disclose their findings to Uber and only after the bug has been patched will the details be made public.

Critical vulnerabilities will pay $10,000, and include things like remote code execution or exposing user data. “Significant issues” such as cross-site scripting and failed authentication features will pay $5,000, while “medium issues” will pay $3,000 for less serious bugs that don’t expose any personal identifiable information (PII) on users.

The bug bounty program comes after Uber experienced its fair share of security problems. A 2014 data breach exposed 50,000 Uber drivers’ personal details. The company failed to act on it for months and ultimately paid a $20,000 fine in the state of New York. The source of the breach even led to accusations involving Uber’s competitors.

Meanwhile compromised user accounts have been spotted on the dark Web selling for as little as a $1 apiece with few details on how exactly they were breached. Finally, in an embarrassing episode in January the personal information, including a social security number, of one Uber driver in Florida was accidentally sent out to thousands of other drivers.

Editors' Recommendations

Update Google Chrome now to patch this critical security flaw

A MacBook with Google Chrome loaded.

How to protect your smartphone from hackers and intruders

Can cops and hackers track your phone

Some ethical hackers are making huge amounts of cash

mexico voting breach hacking laptop passwords code

The best identity theft protection

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Tesla Model Y front

Health tech (including blood pressure monitors) is ON SALE at Best Buy today

Withings - Thermo Smart Temporal Thermometer being compared with the digital display by a person, over the shoulder view.

Razer gets into PC components with RGB-ridden power supply, AIO cooler, and fans

Razer PC components.

Razer’s Bane-like Zephyr N95 face mask is real, and you can buy it now

A woman wearing the Razer Zephyr mask.

Razer’s new Kraken V3 headset might give you a headache (in a good way)

Razer Kraken V3 Pro headset on a stand.

Some retailers are already selling Intel Alder Lake processors, at a cheap price

Intel Core i9-12900K box.

Download AMD’s new driver now to fix a major Windows 11 bug

AMD Ryzen 5000 with no lid.

Not ready for Windows 11? The Windows 10 November 2021 update is coming

Windows 10 refresh features.

This Black Friday shopping hack will never leave you empty-handed

Black Friday 2021 is the day after Thanksgiving.