Uber was unaware of the flaw until an Indian man named Anand Prakash pointed it out and got it resolved.
By Ankita Chakravarti: Uber, the popular ride-hailing service, suffered a glitch in its system that allowed riders to book trips without being charged. Naturally, many users would have taken advantage of the flaw and enjoyed free rides without paying a penny. The company had no inkling of the problem until an Indian man named Anand Prakash pointed it out and got it resolved. While the bug would have made things much more convenient for users, the company would have suffered revenue losses. Prakash, who is the founder of a hacking firm, discovered the bug in 2017 and reported it to Uber.
The bug was no small thing as it would have caused significant losses to Uber. Prakash discovered that by using an invalid payment method, users could take trips in both the US and India without paying any money. He even created a video as proof-of-concept, which he shared on his LinkedIn page.
“I was able to take several trips to the US and India without paying any money, all thanks to this bug (after taking due permission from team for replicating this bug). All I had to do was book a ride and use an invalid payment method and the ride ended up going as free. (I even made a video to show proof-of-concept to show that all I had to do was specify an invalid payment method, expressed in a simple string of characters like “abc” or “xyz,” and not be billed for the ride),” Prakash posted on LinkedIn.
After discovering the bug, Prakash immediately reported it to Uber, and the company fixed it the same day. Prakash, who has been described as an ethical hacker, emphasized the importance of proactive security for vulnerability discovery, engagement with an external community of hackers, and more checks on CI/CD to detect issues early on.
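The class of flaw described above, shown from the defender's side as an added illustration that is not Uber's code and not from the original article: a hypothetical booking handler that rejects an unrecognized payment method ID such as "abc" instead of letting the ride proceed unbilled. The article does not describe Uber's backend, so every name, ID and record here is constructed.

```python
"""Added illustration (not Uber's code): fail-closed payment method validation.

All names, IDs and data below are hypothetical and constructed for the example.
"""
from dataclasses import dataclass


class PaymentMethodError(Exception):
    """Raised when a ride request names a payment method we cannot bill."""


@dataclass(frozen=True)
class PaymentMethod:
    method_id: str
    owner_id: str
    active: bool


# Constructed sample data standing in for a payment-method store.
PAYMENT_METHODS = {
    "pm_1001": PaymentMethod("pm_1001", "rider_a", True),
    "pm_1002": PaymentMethod("pm_1002", "rider_b", True),
    "pm_1003": PaymentMethod("pm_1003", "rider_a", False),
}


def resolve_payment_method(rider_id: str, method_id) -> PaymentMethod:
    """Return a billable method for this rider, or raise. Never default."""
    if not isinstance(method_id, str):
        raise PaymentMethodError("payment method id must be a string")
    method = PAYMENT_METHODS.get(method_id)
    if method is None:
        raise PaymentMethodError("unknown payment method")
    if method.owner_id != rider_id:
        raise PaymentMethodError("payment method belongs to another rider")
    if not method.active:
        raise PaymentMethodError("payment method is inactive")
    return method


def book_ride(rider_id: str, method_id) -> dict:
    """Confirm a ride only after the payment method has been resolved."""
    try:
        method = resolve_payment_method(rider_id, method_id)
    except PaymentMethodError as exc:
        # Fail closed: no ride is dispatched when billing cannot be set up.
        return {"status": "rejected", "reason": str(exc)}
    return {"status": "confirmed", "billed_to": method.method_id}
```

Assertions on `book_ride` with unknown, foreign and inactive IDs are the kind of regression check a CI pipeline can run on every change to the booking path.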
It is not clear how such a significant issue went unnoticed by Uber’s team, but an ethical hacker was able to detect and report the bug. As technology continues to advance, it’s important for brands to take security seriously and work with experts to ensure the safety of their customers and their businesses.
Uber recognized Prakash’s efforts and rewarded him for his discovery. While the company could have suffered significant losses due to the bug, Prakash’s report allowed Uber to fix the issue before it could be exploited by any malicious users.