Indian techie discovers Uber bug, bags Rs 4.6 lakh reward


New Delhi, Sep 16 (IANS): Ride-hailing giant Uber that recently fixed a hacking bug found by Bengaluru-based cybersecurity researcher Anand Prakash which allowed hackers to log into anyone's Uber account, and paid him $6,500 (nearly Rs 4.6 lakh) as reward.

The bug was an account-takeover-vulnerability on Uber that allowed attackers to take over any other user's Uber account, including those of partners and Uber Eats users, inc42 reported.

As per media report, the bug was present in the API request function of the Uber app.

According to Uber, the bug was immediately fixed through the company's bug bounty programme. It also said that over $2 million was paid to more than 600 researchers around the world, including Indian researchers.

Prakash had earlier removed a bug in Uber, by taking advantage of which anyone could travel for free for a lifetime in an Uber cab.

He started his career as a security engineer in Flipkart in 2014.

In 2016, he founded AppSecure, a cyber security startup.

Prakash has been featured in the Forbes' "30 under 30 Asia" list.

In 2015, Facebook awarded him $15,000 as bounty for logging in without an account.

A graduate in computer science from Vellore Institute of Technology, Chennai, he also received $5,000 from Uber for booking a free ride and $4,700 from Tinder.

Prakash has worked with the Bengaluru-based foodtech startup Freshmenu to make their platform secure.

He has also participated in bug bounties for GitHub, Nokia, Soundcloud, Dropbox and PayPal in the past.

  

Top Stories


Leave a Comment

Title: Indian techie discovers Uber bug, bags Rs 4.6 lakh reward



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.