Uber ignores vulnerability that lets you send any email from Uber.com
A vulnerability in Uber's email system allows just about anyone to send emails on behalf of Uber.
The researcher who discovered the flaw warns that threat actors can abuse it to email the 57 million Uber users and drivers whose information was leaked in the 2016 data breach.
Uber seems to be aware of the flaw but has not yet fixed it.
'Your Uber is arriving now'
Security researcher and bug bounty hunter Seif Elsallamy discovered a flaw in Uber's systems that enables anyone to send emails on behalf of Uber.
These emails, sent from Uber's servers, would appear legitimate to an email provider (because technically they are) and make it past any spam filters.
Imagine getting a message from Uber stating, 'Your Uber is arriving now,' or 'Your Thursday morning trip with Uber'—when you never made those trips.
Read the full article by Ax Sharma on the BleepingComputer blog.