These People Hacked Uber — And May Have Learned Everything About You

Source: AP
Source: AP

Uber has faced criticism for its treatment of drivers and its treatment of women — now it's under fire for its treatment of your personal information. 

Researchers Vitor Oliveira, Fábio Pires and Filipe Reis from Portugal-based security firm Integrity recently found a bunch of vulnerabilities in Uber's app, one of which let the hackers see a user's name, full trip path, their driver's name and the license plate and car model, according to Integrity's blog post

Oliveira confirmed the vulnerabilities in a Twitter direct message and said "now it's all fixed." Uber corroborated this by emailing Mic a link to the Integrity team's blog post, where it detailed that all of the bugs the security researchers found had either been resolved or previously reported. 

Uber paid the team a total of $18,000 for spotting four vulnerabilities, Oliveira said. 

Here's how it worked: Using one of the several vulnerabilities discovered, the group tested a new functionality which let them "see the last trip from every driver" by only knowing their UUID — which can be obtained by requesting a random driver and canceling the trip after they accept, according to the blog post. It adds: 

"In the response of this request, we were able to get the driver name, license plate, last trip UUID, last passenger name, number of passengers, the origin and destination of the trip." From there, they were able to see the Uber's full path. 

Visual proof of the full path trip
Source: 
Medium

"For the people who are starting the bug bounty programs, our advice is: never give up or be afraid if it is a big company, just have fun and try to learn as much as possible along the way and in time the profits will come," the blog post read.

Read more: 
Your Uber Driver Makes a Whole Lot Less Than You're Being Led to Believe
• Uber Reportedly Knows When Your Phone's Dying —And You'll Pay More When You're Desperate
• Is Uber Doing Enough to Protect Women Drivers From Sexual Harassment? 

How likely are you to make Mic your go-to news source?

Melanie Ehrenkranz

Melanie is a writer covering technology and the future. She can be reached at melanie@mic.com.

MORE FROM

How to use the Snapchat Map while everyone else continues to be confused about it

Everything you need to know about the new feature.

Planet 10? Scientists may have discovered a hidden planet in our solar system

There could be a ninth — or even 10th — planet hiding out in our solar system.

Scientists created a robot that will iron your clothes for you

Shut up and take my money.

Moth eyes have inspired the touchscreen of the future

It's going to change the anti-reflection game.

Twitter was flagging tweets including the word "queer" as potentially "offensive content"

Why Twitter put the word "queer" in the same category as violent, sexual imagery.

How Mark Zuckerberg wants to transform society through Facebook Groups

Facebook has a new mission.

How to use the Snapchat Map while everyone else continues to be confused about it

Everything you need to know about the new feature.

Planet 10? Scientists may have discovered a hidden planet in our solar system

There could be a ninth — or even 10th — planet hiding out in our solar system.

Scientists created a robot that will iron your clothes for you

Shut up and take my money.

Moth eyes have inspired the touchscreen of the future

It's going to change the anti-reflection game.

Twitter was flagging tweets including the word "queer" as potentially "offensive content"

Why Twitter put the word "queer" in the same category as violent, sexual imagery.

How Mark Zuckerberg wants to transform society through Facebook Groups

Facebook has a new mission.