Uber corrected a serious one defect which allowed hackers to call routes and charge customer accounts through various other markets, using the victim's email address or phone number.
APIs send information from Uber to application developers, usually to ensure that their applications work with Uber, such as Google Maps, which allows you to call a route from your exact location.
The company awarded $ 6,500 to the security researcher under the Bug Bounty program. In general, Uber pays up to $ 50.000 for new vulnerabilities. The error was corrected just days after it was notified.
An Uber spokesman claimed the defect did not occur exploit by hackers. In addition, he stressed that Uber has automated protection that detects suspicious activity, such as a connection from a new device, and will warn a user either by asking him to confirm the activity or by resetting his credentials.
Uber's bounty bug program has paid more than $ 2 million to more 600 researchers around the world contributing to protection of the platform.
Using a similar "access tokens" theft method could endanger 30 millions of accounts in Facebook. It is not clear who orchestrated the attack. The Federal Bureau of Investigation began an investigation in October.
Uber, which now stands at about $ 57 billion, operates in 785 cities around the world.