Close Menu
Subscribe
News & Analysis

Uber Account Takeover Vulnerability Discovered

ISBuzz TeamBy 1 Min Read
uber editorial

According to this link, https://www.forbes.com/sites/daveywinder/2019/09/12/uber-confirms-account-takeover-vulnerability-found-by-forbes-30-under-30-honoree/#16085ecf9b87, a security vulnerability has been discovered that could allow attackers to compromise and control any Uber account.

  • The vulnerability could be exploited to track a user’s location and take rides from their account via an application programming interface (API) request
  • This involved first acquiring the user universally unique identifier (UUID) of any user by sending an API request that included either their telephone number or email address. “Once you have the leaked Uber UUID from the API request,” Prakash said, “you can replay the request using the victim’s Uber UUID and get access to private information like access token (mobile apps), location and address.”
  • The same vulnerability impacted Uber driver accounts and Uber Eats accounts as well

About the Author

The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.

Share.

Related Posts

Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics

Working With Us

Write For Us

The Pages