• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • March 8th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Hacking News

Uber Petition Website Hacked- Hacker Uploaded Ad of Rival Firm Lyft

June 16th, 2015 Waqas Hacking News 0 comments
Uber Petition Website Hacked- Hacker Uploaded Ad of Rival Firm Lyft
Share on FacebookShare on Twitter

Due to a security flaw, researcher Austin Epperson took control of a page of Uber’s website and displayed the ad of its arch-rival Lyft.

Security researcher Austin Epperson proved that Uber’s website was exploitable by hacking one of its micro-site. However, Epperson didn’t steal personal data nor did he spread any malware but to prove his point he displayed its rival firm Lyft’s ad.

Epperson was able to exploit Uber’s webpage through a flaw in a new petition, which was launched to convince San Francisco government to let the firm operate on Market Street.

Image Source: This should be fixed.

Image Source: This should be fixed.

Uber explained that the micro-site that got hacked wasn’t linked to any user login database.

Epperson used Uber’s petition and let the word “zipcode” be submitted as his zipcode. This was a red flag, which online forms use to only accept numbers for that field.

He also tried to enter special characters such as # and < and it was accepted. This was another setback for an online survey because letting special characters be submitted means hackers can take control of the website easily by submitting any code.

Epperson used this flaw in Uber’s petition to trick the company. He not only displayed Uber’s rival firm Lyft’s ad but also created a script through which users can enter code automatically. He also entered more than 1,000 signatures per minute using numerous different web browsers. He also changed the page to make it appear as it Uber was petitioning to convert San Francisco’s Market Street into a big slip & slide.

Epperson revealed that when the hack was done, Uber copied and pasted the code for the petition from an online tutorial about creating a basic online contact form.

This can be termed as Uber’s serious slip-up and hackers could have easily utilized this weakness to enter malicious malware code. This way, attackers could have gained access to personal information of everyone who signed the petition.

Eventually, all of its online petitions were taken down by Uber after the hack and there’s no proof that personal data of any user got stolen due to this flaw.

Watch the video of hack uploaded by hacker:

This is not the first time when something related to Uber was hacked. In past, Uber suffered a massive database breach, exposing data of its 50,000 drivers, following with the hack of Uber USA customers.

  • Tags
  • database
  • hackers
  • hacking
  • security
  • Uber
  • Vulnerability
Facebook Twitter LinkedIn Pinterest
Previous article Leading Password Security Company LastPass Hacked
Next article Hackers Used 'Stolen Foxconn certs' to Hack Kaspersky Via Duqu 2.0 Malware
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
Top Russian hacker forums Maza, Verified hacked; data leaked online

Top Russian hacker forums Maza, Verified hacked; data leaked online

Gab hacked - DDoSecrets leak profiles, posts, DMs, passwords online

Gab hacked - DDoSecrets leak profiles, posts, DMs, passwords online

Cryptocurrency exchange in liquidation due to hack, hacked again

Cryptocurrency exchange in liquidation due to hack, hacked again

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
John McAfee Charged with Fraud in Cryptocurrency Scam
Cyber Crime

John McAfee Charged with Fraud in Cryptocurrency Scam

U.S. DOJ warns of fake unemployment benefit websites stealing data
Cyber Crime

U.S. DOJ warns of fake unemployment benefit websites stealing data

Microsoft, FireEye report 3 new malware linked to SolarWinds hackers
Cyber Attacks

Microsoft, FireEye report 3 new malware linked to SolarWinds hackers

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us