Bengaluru-based cybersecurity researcher, Anand Prakash, was awarded $6,500 (around Rs 4.6 lakh) by ride-hailing giant, Uber, as part of the company’s bug bounty program after discovering a critical flaw in the flagship app of the San Fransisco-based firm. Uber has reportedly already fixed the ‘account-takeover-vulnerability’ that could have potentially allowed attackers to take over any other user’s Uber account, including those of partners and Uber Eats users.
The bug was present in the API request function of the Uber app and, according to the company, was immediately fixed on being reported. The company also said that over $2 million was paid to more than 600 researchers around the world, including many in India, as part of its bug bounty program over the years. Another Indian researcher, Chennai-based Laxman Muthiyah, had recently won $30,000 as a part of Facebook’s bug bounty program after spotting a flaw in the company’s popular photo-sharing platform, Instagram.
Prakash, who started his career as a security engineer in Flipkart in 2014, had earlier discovered another bug in Uber, which reportedly allowed anyone to travel for free for a lifetime in an Uber cab. In 2016, he founded AppSecure, a cyber security startup, and has been featured in the Forbes’ “30 under 30 Asia” list. He had earlier earned $15,000 as bounty for discovering a Facebook vulnerability that allowed potential hackers to login without an account.
A graduate in computer science from Vellore Institute of Technology, Chennai, he had earlier received $5,000 from Uber for booking a free ride and $4,700 from Tinder. He has also worked with the Bengaluru-based foodtech startup, Freshmenu, to make the platform more secure. He has also participated in bug bounties for GitHub, Nokia, Soundcloud, Dropbox and PayPal in the past.
With inputs from IANS