While searching for bugs in Uber’s system, white hat hacker and snitch Anand Prakash discovered one that would allow anyone with the know-how to hail a ride without having to pay.
But instead of doing the noble thing and spreading the news underground so the rest of us could have a few free rides before Uber found out, Prakash reported it straight to The Man himself.
Uber, like many tech companies, offers a bug bounty programme — meaning they pay anywhere between US$100 and US$10 000 to hackers who report bugs to them. The programmes both strengthen their security and keep hackers from reporting the bug to the highest bidder.
Prakash, who submits reports to multiple companies, got paid US$5000 for the report.
“When a ride is completed a user can either pay cash or charge it to their credit/debit card. But, by specifying an invalid payment method for example: abc, xyz etc, I could ride Uber for free,” Prakash wrote in his blog post about the security issue.
After reporting the issue, Prakash was granted permission to take free rides in the US and India to demonstrate the issue. He was never billed.
“We appreciate Anand’s ongoing contributions and were happy to reward him for an excellent report,” an Uber spokesperson told TechCrunch.