Uber pays out $375K in bug bounties during challenge in London

Uber laid out $375,000 to bug bounty hunters during a live hacking event held in London with partner HackerOne.

The bounties, which ranged from $500 to $50,000 each, were handed out in real-time during the eight-hour event that brought more than 50 hackers together to hunt for vulnerabilities.

“Working with hackers to find and resolve vulnerabilities is an important part of Uber’s ongoing commitment to safety, which includes the security of our products,” Lindsey Glovin, bug bounty manager at Uber, said in a release. “Our relationship with the research community is critical to the success of our bug bounty program and live hacking events give us the opportunity to thank them in-person while amplifying the value they contribute to Uber’s security efforts.”

British hacker Tomnomnom, who picked up the Most Valuable Hacker award, called the community “welcoming and supportive” and noted others were quick to offer congratulations when he landed a large payout. “And to win the Most Valuable Hacker award on top of that? It’s just indescribable,” the hacker said.

Uber launched its bug bounty program in March 2016.

"It’s important to us to identify and develop diverse new hacker talent,” HackerOne Security Engineering Lead Laurie Mercer said in the release. “The mentoring track helps us encourage the next generation of hackers to try their bug hunting skills, and provides one on one training and on-site mentoring to help introduce less experienced hackers to the common tools and techniques. This year is the first time that a mentee has actually found, not one but two, bugs, proving that beginners with a fresh pair of eyes can make a big difference.”

In the aftermath of revelations that the car-sharing service kept a 2016 breach hidden for a year and paid ransom to a hacker, it tweaked its bug bounty program to prevent further missteps.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.