Uber has fixed a high severity bug found by a tech bug bounty hunter


Ride-hailing firm Uber has fixed a “high” severity bug found by a tech bug bounty hunter. The flaw, found by Anand Prakash back in April, allowed would-be hackers to book rides and food on Uber customers’ accounts by using the account holder’s email address or phone number.

The tech security researcher summarised the bug on Hackerone.com, a site which pays bounties for bugs found on certain platforms like Uber’s, as ‘using the API token attacker could have gained full access to driver/rider account’. Uber paid out $6,500 (£5,300) to Prakash for finding the bug under its bug bounty programme on HackerOne. Uber closed the submitted bug as resolved and rated the severity of the glitch as ‘High’. Uber said in its summary of the bug: “It was possible for an attacker to insert another user’s UUID into the userUuid POST parameter when making a request to https://bonjour.uber.com/marketplace/_rpc?rpc=getConsentScreenDetails, allowing them to retrieve personal data from the victim user’s account, as well as the user's mobile auth token, which could allow them to make requests to mobile APIs as the victim.”
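
The class of flaw in Uber's summary, a handler that trusts a client-supplied userUuid, is shown below next to a corrected handler that takes the account from the authenticated session. This is an added illustration and not Uber's code: the handler names, session store, account fields, token values and audit list are all constructed assumptions.

```python
# Added illustration, not Uber's code: every name and value here is constructed.
RIDER = "11111111-1111-4111-8111-111111111111"
DRIVER = "22222222-2222-4222-8222-222222222222"

# Constructed account store keyed by user UUID.
ACCOUNTS = {
    RIDER: {"email": "rider@example.test", "mobile_auth_token": "tok-rider"},
    DRIVER: {"email": "driver@example.test", "mobile_auth_token": "tok-driver"},
}
# Constructed session store: session id -> UUID that actually authenticated.
SESSIONS = {"sess-rider": RIDER}
AUDIT = []  # rejected cross-account requests, kept for detection and alerting


class Forbidden(Exception):
    pass


def consent_details_vulnerable(session_id, post_params):
    """The flawed pattern: any logged-in caller picks the account via userUuid."""
    if session_id not in SESSIONS:
        raise Forbidden("not authenticated")
    return ACCOUNTS[post_params["userUuid"]]


def consent_details_hardened(session_id, post_params):
    """Take the subject from the session; userUuid may only confirm it."""
    owner = SESSIONS.get(session_id)
    if owner is None:
        raise Forbidden("not authenticated")
    requested = post_params.get("userUuid", owner)
    if requested != owner:
        AUDIT.append({"session_user": owner, "requested": requested})
        raise Forbidden("userUuid does not match the authenticated user")
    # Assumed extra hardening: never echo long-lived credentials in a response.
    return {k: v for k, v in ACCOUNTS[owner].items() if k != "mobile_auth_token"}


if __name__ == "__main__":
    body = {"userUuid": DRIVER}  # rider's session naming the driver's account
    print("vulnerable:", consent_details_vulnerable("sess-rider", body))
    try:
        consent_details_hardened("sess-rider", body)
    except Forbidden as exc:
        print("hardened:", exc, "| audit:", AUDIT)
```

The audit entries written on a mismatch give a monitoring team a signal that one session is requesting other users' identifiers.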

All written content Copyright of TaxiPoint 2025.
