Uber officially announced a “Bug Bounty Program” that will pay independent security researchers thousands of dollars in rewards for finding hackable bugs in its apps and websites.
Uber Will Pay 10,000 USD to Friendly Hackers Who Can Hack Them
According to Uber, the bug bounty is not in response to any specific incident of hacking, although the ride-hail company has had a fair share of notable security breaches over the last few years.
Once you’ve found a bug, Uber developers will remediate it, and then it’ll be up to Uber to decide how much bounty to pay you. Here is the bounty payout range:
- Critical issues ($10,000) – These include vulnerabilities that compromise an employee account, exposure of information that identifies individuals, payment or partner invoice information exposure at scale or potential access to source code.
- Significant Issues ($5,000) – Stored Cross-site Scripting which can cause significant brand damage (e.g. in a homepage), missing authorization checks leading to the exposure of email addresses, date of birth, names, phone numbers, etc.
- Medium Issues ($3,000) – Reflected Cross-site Scripting (XSS), most Cross-site Request Forgery (CSRF) issues, access control issues which do not expose PII but affect other accounts, rate limiting issues, account validation bypasses and any vulnerability which allows the bulk lookup of user UUIDs.
- Fraud Issues – If you spot anything fraudulent, send it to email@example.com. This does not come with any reward.
For more information, please visit: Uber