This article was published on March 22, 2016

Uber: Hack us and we’ll give you up to $10,000


Uber: Hack us and we’ll give you up to $10,000

Today, Uber — the site with a bit of an image problem when it comes to security — opened the doors on its bug bounty program and promised payouts of up to $10,000.

The program has very specific examples of what qualifies for a reward, such as cross-site scripting (XSS), SQL injection, server-side remote code execution (RCE) and others. You can find what it it is, and isn’t, looking for here. Or, you can peruse the company’s blog post for information about specific technologies in use across several Uber Web properties, including:

  • https://*.uber.com/
  • https://*.dev.uber.com/
  • http://petition.uber.org
  • http://ubermovement.com
  • iPhone Rider Application
  • iPhone Partner Application
  • Android Rider Application
  • Android Partner Application

If you find a bug, you’ll be paid $3,000 to $10,000 for issues for one of the items on its hit list, or you’ll get a nice firm pat on the back if you find an issue related to fraud, as Uber isn’t currently rewarding those who find fraud issues.

UBER ENGINEERING BUG BOUNTY: THE TREASURE MAP [Uber via HackerOne]

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with