Uber announces $10,000 bug bounty program

Uber announced its first-ever bug bounty program on the HackerOne platform on Tuesday. Rewards will be decided according to the severity of the bug reported by security researchers. There are three categories of rewards: researchers can take home a maximum of $10,000 if the reported vulnerability is critical, while the minimum reward is worth $3,000.

Uber has followed in the footsteps of some big tech organizations that use bug bounty programs to fix critical bugs in their products. Uber’s aim in launching the bug bounty program is to secure the personal information of its riders and drivers.

The program kicks off on 1st May, and security researchers have 90 days to report bugs in Uber’s systems. Uber’s bounty program is not totally identical to the bounty programs of other Silicon Valley firms like Facebook, Microsoft, Google, Twitter and Yahoo. The company has taken some unorthodox steps by announcing that it will even provide a “treasure map” for bug hunters, designed to steer them toward potentially vulnerable areas of the company’s site.

Collin Greene, Head of Uber’s Product Security, said: “By giving them a treasure map of the structure of our system, they can spend their time looking for really subtle bugs.”


Uber has published a list of vulnerabilities in which the company is interested. Some notable vulnerabilities are:

  • Cross-site Scripting (XSS)
  • Cross-site Request Forgery
  • Server-Side Request Forgery (SSRF)
  • SQL Injection
  • Server-side Remote Code Execution (RCE)

Last year, accounts of Uber’s riders were compromised. The news came out in September last year, when an Uber car was on its way to pick up a rider in California who had not ordered Uber’s car service. The rider’s account had been hacked, which opened a Pandora’s box: hundreds of Uber accounts had been compromised. The issue was fixed just two weeks later.


Ehacking Staff