An Indian genius, Bengaluru based hacker, Anand Prakash, spotted a bug with Uber and for
finding major security loophole, he has been awarded by Uber more than 3 lakhs. This bug actually allowed anyone to travel free by Uber.
Anand exposed this bug through Uber’s bug bounty program where the hackers
identify and inform about the issues and get rewarded for the same. Hackers can get rewarded anywhere between $100 and $10,000 by Uber depending on how important
bug they have exposed.
Anand in his video, explained the complete process. At first, you create an account on Uber and then start your ride, you have an option to use credit, debit, cash or wallet to make payment once your ride is done. But, Anand showed another invalid mode of payment such that the app allowed him to take a free ride. “Attackers could have misused this by taking unlimited free rides from their Uber account”, Anand explained in his blog post.
He showed Uber team how because of this bug he wasn’t charged anything while travelling in India and US. The bug is now fixed by the Uber team and the team is really thankful to Anand for saving them from incurring heavy losses and that is reason that Uber has happily rewarded him $5000.
“Uber’s bug bounty programme works with security researchers all over the world to fix bugs, even when they don’t directly impact our users. We appreciate Anand’s ongoing contributions and were happy to reward him for an excellent report,” said an Uber spokesperson.
However, this wasn’t the first time that Anand Prakash was rewarded on International platform, the Indian hacker has also been rewarded by companies like Facebook, Twitter, Adobe and Google and others.
He has earlier received a cash prize of $15000 from Facebook for finding a bug in the their password system which permitted one to change other person’s password and then, own that account.
24 years old Anand Prakash is a passout of Vellore Institute of Technology and is a former
employee of Flipkart.