Who doesn't love a free Uber ride? But if the system were doling out unlimited free rides that would be bad news for the ride hailing service. Anand Prakash, an Indian security engineer, prevented potentially big losses for Uber by pointing out a bug in the system that would allow anyone to take unlimited free rides. Uber in turn rewarded Prakash with $5,000.
Prakash is a renowned white-hat hacker who has made a name by pointing out security loopholes in websites. He discovered the bug in the Uber system that would have allowed any hacker to make multiple ride requests to the system without making any payments. The hacker had to essentially place random characters in the payment field through the code.
The details of the bug and a video is available on Prakash's blog post. Uber's security team has fixed the flaw now.
"Uber's bug bounty program works with security researchers all over the world to fix bugs, even when they don't directly impact our users. We appreciate Anand's ongoing contributions and were happy to reward him for an excellent report," an Uber spokesperson told TechCrunch.
This is not the first straw from Prakash in the bug bounty world, though. He won a $15.000 reward from Facebook last year.