Bengaluru hacker finds bug in Uber app allowing free rides for life

Anand Prakash discovered the bug and has been rewarded $5000 which amounts to roughly over ₹3 lakhs via Uber's bug bounty program. Hackers notifying about a bug can make somewhere between $100 and $10000 at Uber. However, this would depend upon the severity of the issue. 

In a blogpost describing the issue, he has written about the bug that allows anyone across the world to take free rides all their life. "Users can create their account on Uber.com and can start riding. When a ride is completed a user can either pay cash or charge it to their credit/debit card. But, by specifying an invalid payment method for example: abc, xyz etc, I could ride Uber for free," he wrote.

Watch the video below:

Attackers could have easily misused this by taking unlimited free rides, causing huge losses to Uber. The bug has now been fixed by the Uber team. 

While Indian firms are known to rely on consultancy firms, major international companies offer bug bounty programs. Last year, Prakash was paid $15,000 (approx. Rs 10 lakh) by Facebook for fixing a bug. Prakash is ranked 14th in Uber’s bug bounty program, and frequently submits bug reports.

"Bug bounty hunting is a hobby for Prakash, which he pursues independently not just for the rewards but also to keep his knowledge of the field up to date. Prakash spends around 2-4 hours in a week, mostly on weekends, discovering bugs. He discovered the Facebook bug, for which he won $15,000, in around 20 minutes," Prakash had told FirstPost. 

Image: Twitter/Anand Prakash

• Uber app
• Uber bug
• hacker
• Bengaluru hacker
• bangalore hacker
• Free rides
• free uber rides