Imagine, you are sitting on the comfy couch on your TV lounge and watching a horror movie on Netflix, and your email notification tone buzzes on your phone and when you casually take a look there is a message which reads "your Uber is on the way".
You will be shocked right, considering you never booked on. Well, it’s true, you can receive any email, any time from Uber.
A bug bounty hunter "Seif Elsallamy" uncovered a flaw in the Uber system that allows anyone to send email from Uber. A researcher who dug this hack in the Uber system, according to him, 57 million Uber users and drivers are at risk and they can be harmed by malicious actors, (the malicious actor is a term for a person groups of people who are engaging in the cybercrime and phishing), especially for those, whose information was leaked by in 2016 data leakage in Uber. For that personal data leakages, Uber was fined 385,000 pounds by the UK information commissioner office and 600,000 pounds fined by the data protection authority in the Netherlands.
The report comes to the media via a HackerOne bug bounty program when people all around the world are busy celebrating the new year with their fellows.
But the important thing is that Uber seems to be well aware of all these in their system but they are not taking things seriously. Unfortunately, all these emails sent from Uber servers are technically authentic. While many complaints have been made and reports have been filed, there have been no responses.
Moreover, the reports were rejected by Uber engineers, and this is not the first time, another two bug bounty hunters named, Soufiane El Habti and Shiva Maharaj claimed that they had previously informed Uber about the issues but that goes all in vain. Uber also rejected their report too.
Although this is not as simple as seeing, the email comes from an Uber server that passed the two security checks, DKIM and DMARC. Elsallamy found this case much similar to the "Facebook 2019 bug" reported by a pen-tester Youssef Sammouda.
Uber is a huge company spread throughout the globe and if the tech giant is aware that such malicious actors have managed to surpass their ‘strong’ security system they really need to buck up their game. People all around the world have trusted this cab service company for their commute for years now. The fact that anyone can make a ride appear out of nowhere outside your house is a matter of concern and the tech giant really needs to do something about it. If it doesn’t take the necessary actions soon, it may lose their loyal audience soon.
Read next: Ransomware has massively increased in 2021 and a new report reveals some concerning insights about it
You will be shocked right, considering you never booked on. Well, it’s true, you can receive any email, any time from Uber.
A bug bounty hunter "Seif Elsallamy" uncovered a flaw in the Uber system that allows anyone to send email from Uber. A researcher who dug this hack in the Uber system, according to him, 57 million Uber users and drivers are at risk and they can be harmed by malicious actors, (the malicious actor is a term for a person groups of people who are engaging in the cybercrime and phishing), especially for those, whose information was leaked by in 2016 data leakage in Uber. For that personal data leakages, Uber was fined 385,000 pounds by the UK information commissioner office and 600,000 pounds fined by the data protection authority in the Netherlands.
The report comes to the media via a HackerOne bug bounty program when people all around the world are busy celebrating the new year with their fellows.
But the important thing is that Uber seems to be well aware of all these in their system but they are not taking things seriously. Unfortunately, all these emails sent from Uber servers are technically authentic. While many complaints have been made and reports have been filed, there have been no responses.
Moreover, the reports were rejected by Uber engineers, and this is not the first time, another two bug bounty hunters named, Soufiane El Habti and Shiva Maharaj claimed that they had previously informed Uber about the issues but that goes all in vain. Uber also rejected their report too.
Although this is not as simple as seeing, the email comes from an Uber server that passed the two security checks, DKIM and DMARC. Elsallamy found this case much similar to the "Facebook 2019 bug" reported by a pen-tester Youssef Sammouda.
Uber is a huge company spread throughout the globe and if the tech giant is aware that such malicious actors have managed to surpass their ‘strong’ security system they really need to buck up their game. People all around the world have trusted this cab service company for their commute for years now. The fact that anyone can make a ride appear out of nowhere outside your house is a matter of concern and the tech giant really needs to do something about it. If it doesn’t take the necessary actions soon, it may lose their loyal audience soon.
Read next: Ransomware has massively increased in 2021 and a new report reveals some concerning insights about it