Tuesday, July 14, 13:54
Hackers used Uber user accounts for online shopping

Uber fixed a serious flaw that allowed hackers to order rides and charge customer accounts through various other markets, using only the victim's email address or phone number.

The flaw, which was discovered by security researcher Anand Prakash, could also be used to track a user's location.

Prakash was able to obtain the unique account ID or "access token" by providing a phone number or email address associated with an account to Uber's API.

APIs send information from Uber to application developers, usually to ensure that their applications work with Uber. Google Maps, for example, lets you order a ride from your exact location.
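The class of flaw described above, shown as an added example that is not Uber's code or the researcher's proof of concept: a lookup handler that returns an account's access token to any caller who supplies an email or phone number, beside a version that authenticates the caller first. All function names, accounts, tokens and status codes are hypothetical.

```python
import hmac
import secrets

# Constructed sample accounts; identifiers and tokens are made up for this example.
ACCOUNTS = {
    "uuid-alice": {"email": "alice@example.com", "phone": "+15550100",
                   "token": secrets.token_urlsafe(32)},
    "uuid-bob": {"email": "bob@example.com", "phone": "+15550101",
                 "token": secrets.token_urlsafe(32)},
}

def _find(identifier):
    """Return (account_id, record) for an email or phone number, or (None, None)."""
    for account_id, rec in ACCOUNTS.items():
        if identifier in (rec["email"], rec["phone"]):
            return account_id, rec
    return None, None

def lookup_vulnerable(identifier):
    """Flawed pattern: anyone who knows an email or phone number gets the token."""
    account_id, rec = _find(identifier)
    if rec is None:
        return {"status": 404}
    return {"status": 200, "account_id": account_id, "access_token": rec["token"]}

def lookup_hardened(identifier, caller_token):
    """Authenticate the caller, authorize against the target, never echo secrets."""
    presented = (caller_token or "").encode()
    caller_id = None
    for account_id, rec in ACCOUNTS.items():
        # Constant-time comparison, no early exit, so timing does not reveal a match.
        if hmac.compare_digest(rec["token"].encode(), presented):
            caller_id = account_id
    if caller_id is None:
        return {"status": 401}
    target_id, _ = _find(identifier)
    # Same answer for "unknown account" and "someone else's account",
    # so the endpoint cannot be used to enumerate registered users.
    if target_id != caller_id:
        return {"status": 403}
    return {"status": 200, "account_id": caller_id}  # no token in the response
```

A response-schema test that fails whenever a field such as `access_token` appears in a lookup response catches a regression of this kind before release.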

The company awarded $6,500 to the security researcher under its bug bounty program. In general, Uber pays up to $50,000 for new vulnerabilities. The flaw was fixed just days after it was reported.

An Uber spokesman claimed the flaw had not been exploited by hackers. In addition, he stressed that Uber has automated protection that detects suspicious activity, such as a connection from a new device, and will warn a user either by asking him to confirm the activity or by resetting his credentials.

Uber's bug bounty program has paid more than $2 million to more than 600 researchers around the world who contribute to the protection of the platform.

This account-hijacking method was also used by hackers to compromise Facebook in October 2018.

Using a similar "access token" theft method could endanger 30 million Facebook accounts. It is not clear who orchestrated the attack. The Federal Bureau of Investigation began an investigation in October.

Uber, which is now valued at about $57 billion, operates in 785 cities around the world.

