23 Jan Uber Fixes Flawed 2FA Measure
It was recently revealed that Uber had quietly fixed a security flaw with their 2 factor authentication which was reported last Sunday. The bug could have allowed an attacker to log into user accounts, yet the ride-hailing giant downplayed the issue and said that it was not particularly severe.
Karan Saini, a security researcher based in New Delhi who found the bug, submitted it via HackerOne which manages Uber’s bug bounty. However, it was rejected and merely marked as “informative” meaning that it didn’t warrant an immediate fix.
Uber spokesperson Melanie Ensign added that the bug wasn’t a bypass but was likely caused by their security team’s ongoing testing of account security measures.