Three hackers have found eight holes in Uber that could allow fake drivers to be created and user email addresses reveal, and found more than 1000 of valid coupon codes including one giving drivers $100 extra in fare rides.
The team of Vitor Oliveira @r0t1v , Fábio Pires @fabiopirespt , and Filipe Reis @fjreis of Portugal-based consultancy Integrity described six of the since patched flaws.
They kept details of the remaining holes under wraps until Uber issues fixes.
"After a couple of hours, we found out two open redirects that we reported right away," the hackers say.
They abused the Uber help section to find user email addresses, peered into requests during fare splits to find a passenger's picture, UUID, and phone number, and find driver and passenger trip details including the full directions of fares which can be plotted on a map.
Of those, the most valuable was a $100 Emergency Ride Home code that if applied would hand drivers a further $100 on top of regular fares.