Security Affairs
Two Scattered Spider Members Sentenced to Prison Over £29 Million TfL Cyberattack|TuxBot v3: The IoT Botnet Built With AI – Bugs, Disclaimers and All|Claude Code and DeepSeek Powered Chinese Cyber Espionage Campaign|Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug|US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|SonicWall warns of active exploitation of two SMA 1000 zero-days|Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses|Attacker Used AI to Build Custom PowerShell Recon Malware|Two Scattered Spider Members Sentenced to Prison Over £29 Million TfL Cyberattack|TuxBot v3: The IoT Botnet Built With AI – Bugs, Disclaimers and All|Claude Code and DeepSeek Powered Chinese Cyber Espionage Campaign|Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug|US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|SonicWall warns of active exploitation of two SMA 1000 zero-days|Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses|Attacker Used AI to Build Custom PowerShell Recon Malware|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Hacker found issues in Uber UberCENTRAL Tool that exposed user data

Bounty hunter Kevin Roh has discovered several security vulnerabilities in the Uber UberCENTRAL Tool that exposed user data. Security expert and bounty hunter Kevin Roh has discovered several security vulnerabilities in Uber’s UberCENTRAL Tool that exposed user data. The UberCENTRAL service was launched in July, according to the company it is a dashboard that enables any business to request, manage, […]

Hacker found issues in Uber UberCENTRAL Tool that exposed user data

Bounty hunter Kevin Roh has discovered several security vulnerabilities in the Uber UberCENTRAL Tool that exposed user data.

Security expert and bounty hunter Kevin Roh has discovered several security vulnerabilities in Uber’s UberCENTRAL Tool that exposed user data.

The UberCENTRAL service was launched in July, according to the company it is a dashboard that enables any business to request, manage, and pay for multiple Uber rides on behalf of their customers.

The UberCENTRAL console could be used by operators (i.e. employees) who can request rides for their customers. Administrators can easily add operators using only their email address.

Roh described in a blog post the flaws he discovered during his tests.

The first flaw allows enumerating userUUID via emails, an attacker can send requests with possible email addresses and if the address is associated with an account the server will include the user’s UUID in the response.

If the email address is not valid, the response sent by the server will contain an error.

Below an example of request sent to the server:

POST /admin/api/organizations/[organizationUUID]/operators HTTP/1.1 Host: central.uber.com Connection: close Content-Length: 40 Accept: application/json Origin: https://central.uber.com x-csrf-token: XXXX x-uber-origin: web-central-admin User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Content-Type: application/json Referer: https://central.uber.com/admin/locations Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.8 Cookie: _ua=XXXX {"operatorEmail":"r****@unlv.nevada.edu"}

The attacker could write a simple script that tries all possible values for the ‘operationEmail‘ parameter and analyze all the responses received by the server for each of them.

ubercentral-uber-hacking

The second flaw is similar to the first one, it allows enumerating userUUID via GET request instead email addresses.

Roh found a third flaw that could have been exploited to obtain much more data, including full name, phone numbers, emails and userUUID.

The vulnerabilities were reported to the company between September and October, and the company promptly patched them in October.

Uber awarded the expert Roh under the company bounty program. The hacker received hundreds of dollars for each of the vulnerabilities, the exact amounts have not been revealed.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – UberCentral, hacking)