The heart of tech

This article was published on March 22, 2016


Uber: Hack us and we’ll give you up to $10,000

Uber: Hack us and we’ll give you up to $10,000 Image by: David Ramos
Bryan Clark
Story by

Bryan Clark

Former Managing Editor, TNW

Bryan is a freelance journalist. Bryan is a freelance journalist.

Today, Uber — the site with a bit of an image problem when it comes to security — opened the doors on its bug bounty program and promised payouts of up to $10,000.

The program has very specific examples of what qualifies for a reward, such as cross-site scripting (XSS), SQL injection, server-side remote code execution (RCE) and others. You can find what it it is, and isn’t, looking for here. Or, you can peruse the company’s blog post for information about specific technologies in use across several Uber Web properties, including:

  • https://*.uber.com/
  • https://*.dev.uber.com/
  • http://petition.uber.org
  • http://ubermovement.com
  • iPhone Rider Application
  • iPhone Partner Application
  • Android Rider Application
  • Android Partner Application

If you find a bug, you’ll be paid $3,000 to $10,000 for issues for one of the items on its hit list, or you’ll get a nice firm pat on the back if you find an issue related to fraud, as Uber isn’t currently rewarding those who find fraud issues.

UBER ENGINEERING BUG BOUNTY: THE TREASURE MAP [Uber via HackerOne]

Also tagged with