A Vulnerability Allowing Almost Anyone to Send Emails from Uber.com Was Discovered

Uber Technologies, Inc., or Uber, is a San Francisco-based American mobility-as-a-service provider operating services in over 900 metropolitan regions worldwide. Its services include ride-hailing, food delivery (Uber Eats and Postmates), package delivery, couriers, freight transportation, electric bicycle and motorized scooter rental through a relationship with Lime, and ferry transportation in collaboration with local operators. Uber does not own any vehicles and instead earns a 25% fee on each booking. Fares are quoted to customers in advance, but they change depending on a dynamic pricing methodology based on local supply and demand at the time of booking.

What Happened?

Seif Elsallamy, a security researcher and bug bounty hunter, uncovered a flaw in Uber’s systems that allows anybody to send emails on Uber’s behalf.

The researcher who discovered this flaw warns that threat actors might exploit it to send emails to the 57 million Uber customers and drivers whose information was exposed in a previous data breach.

Because these emails are in fact sent from Uber’s servers, they would appear authentic to an email provider and would pass through any spam filters.

Elsallamy forwarded an email that looked like it was from Uber to BleepingComputer.


It’s worth noting that the

Read More: https://heimdalsecurity.com/blog/a-vulnerability-allowing-almost-anyone-to-send-emails-from-uber-com-was-discovered/