Announcing Uber’s Bug Bounty April Promo Event
Divyashree Joshi, Senior Security Engineer, Product Security
We know it’s been a while since you last heard from our team, but we can assure you that it was well worth the wait! With COVID introducing new safety and travel restrictions everywhere, we have missed throwing some amazing live hacking events and hanging out with you all! 2020 has been interesting, and we’ve seen some new faces and unique exploits.
Today, we are absolutely thrilled to announce Uber’s April Promo Event! Get ready for multipliers, bonuses, and last but not least, a highly coveted interview with our security team!
Here’s how it works:
- Key and credential exposure will be awarded 1.5x bounty
- IDORs on Eats, Riders, Driver, Restaurant, U4B, Fleet, Freight will be rewarded 2x bounty; Anything else not listed in the targets will receive a 1.25x bounty!
- Chained vulnerabilities will be rewarded a 3x bounty
- SSRF/LFI will be rewarded a 2x bounty
- Software supply chain will be rewarded 2x
- If the overall vulnerability does not meet High or Critical severity, it will receive a normal bounty [does not qualify for this promotion].
- For all reports, regardless of severity, we are even adding a special bonus of $500 for all reports that provide scripted POCs!
All bounties will be paid normally in April regardless of whether or not they qualify for this promotion. We will award bonuses for all qualifying reports and determine extra bonus winners by May 15th.
We can’t wait to see what you come up with. Happy Hacking!