Uber, a well-known ride-hailing service, experienced a system error that allowed users to plan rides without being charged. Naturally, many users would have exploited the error and enjoyed free rides. Evidently, the company was unaware of the situation until Anand Prakash, an Indian, brought it to their attention and fixed it. The company could have experienced revenue losses even though the glitch would have been incredibly pleasant for the users. The problem for Uber was detected in 2017 by Prakash, the founder of a hacking company, and reported to Uber.
Also Read: Apple Siri to Get Chat GPT like Features !!
The bug wasn’t small because it would have lost Uber a lot of money. Prakash found that customers could travel to both the US and India for free by employing an illegal payment technique. Even more, he created a proof-of-concept video and posted it to his LinkedIn page.
Source: Google
Prakash posted on Linkedin
“I was able to take several trips to the US and India without paying any money, all thanks to this bug(after taking due permission from the team for replicating this bug). All I had to do was book a ride and use an invalid payment method and the ride ended up going as free. ( I even made a video to show proof-of-concept to show that all I had to do was specify an invalid payment method, expressed in a simple string of characters like “abc” or “xyz,” and not be billed for the ride,”.
Also Read: Top 5 Budget friendly Mi Smartwatches for Men!!
Prakash quickly reported the bug to Uber, and the company fixed it the same day. Prakash, a self-described ethical hacker, underscored the importance of proactive security for finding vulnerabilities, engagement with external hacker communities, and more rigorous checks on CI/CD to detect problems in their early stages.
Source: Google
Uber’s team may not have identified such a critical issue, but thanks to an ethical hacker, the bug was discovered and disclosed. To protect their customers and their businesses as technology evolves, companies must take security seriously and collaborate with professionals.
Prakash’s efforts were recognised by Uber, who rewarded him for his discovery. The fault could have cost the company a lot of money, but the report submitted by Prakash enabled Uber to fix it before any malicious users could exploit it.