If you receive an email from Uber asking for your credit card details, be careful: there is a bug that …

A vulnerability in Uber's email system allows almost anyone to send emails on Uber's behalf. These emails, which can be sent from Uber's servers, appear legitimate to any email provider (because they technically are) and would pass any spam filter.
Uber appears to be aware of the bug but has not fixed it for now, according to security researcher and bug bounty hunter Seif Elsallamy, who discovered how anyone can send emails posing as Uber.
This vulnerability can be used to steal your data
Image published in Bleeping Computer
It is worth remembering that in 2016 the information of 57 million Uber users and drivers was exposed. So if a cybercriminal wants to take advantage of this bug, they have a good database to turn to.
In fact, that information was sold on the Darknet, as we reported at Genbeta. A year before that, in 2015, there was also a security breach that exposed the information of tens of thousands of the app's drivers.
How could a cybercriminal use this vulnerability? According to the researcher who discovered the bug, a customer of the app could receive a message saying "Your Uber is coming now" or "Your Thursday morning ride with Uber" without ever having booked that ride, which would cause confusion.
Even more dangerous, a customer could receive a message from Uber saying that they have to update their credit card or payment details. Elsallamy himself sent a Bleeping Computer journalist an email that seemed to come from Uber (as you can see in the previous photo) and that, according to the information provided, reached the inbox rather than the spam folder, which is logical because it comes from the ride-hailing app's own server.
The test email, sent to show that this bug can be dangerous, also shows that a cybercriminal can add a link to a malicious website, where the recipient might enter their bank card details.
The researcher reported the vulnerability to Uber through its HackerOne bug bounty program just before the start of 2022. It is unknown whether anyone has taken advantage of this bug so far, but the researcher says that Uber has ignored the bug report.
Specifically, when the researcher sent his discovery to Uber, the report was rejected as "out of scope", on the assumption that exploiting the technical flaw requires some form of social engineering. After learning this, other researchers have said they previously informed Uber of the bug, so it is not something new.
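Because a message like this passes the checks on who sent it, the content is the only signal left. The sketch below is an added example, not code from the article or from Uber: it flags mail that asks for payment data and links outside the sender's own domain, even when authentication passed. The sample message, the example.net and example.org hosts, and the use of the Authentication-Results header to record the receiving server's verdict are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample, not the researcher's actual message: mail that passes
# sender authentication but links to a host outside the sender's domain.
SAMPLE = """\
From: Uber <noreply@uber.com>
To: rider@example.org
Subject: Update your payment details
Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/plain; charset=utf-8

Your credit card could not be charged. Update your card details here:
https://billing-update.example.net/card
Help: https://help.uber.com/
"""

PAYMENT_TERMS = re.compile(r"credit card|card details|payment details", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def same_org(host, domain):
    """True if host is the sender domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def review(raw):
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Assumption: the receiving server records its verdict in this header.
    auth = msg.get("Authentication-Results", "").lower()
    body = "".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_maintype() == "text"
    )
    hosts = [urlparse(u).hostname or "" for u in URL_RE.findall(body)]
    off_domain = sorted({h for h in hosts if not same_org(h, domain)})
    asks = bool(PAYMENT_TERMS.search(body))
    return {
        "authenticated": "dmarc=pass" in auth,
        "asks_for_payment_data": asks,
        "off_domain_links": off_domain,
        # Authentication says who sent it, not whether the content is safe.
        "suspicious": asks and bool(off_domain),
    }

if __name__ == "__main__":
    print(review(SAMPLE))
```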