Fortinet Discovers Uber User Information Leakage Vulnerability
Fortinet's FortiGuard Labs has discovered an Information Leakage vulnerability in Uber's Uber.com website.
The Uber.com website is the parent domain owned by Uber Technologies Inc. It serves as the primary method for users to access their Uber accounts.
The Information Leakage vulnerability is caused by Uber's unsafe sanitization of users' Personally Identifiable Information (PII) in some invite/referral links. As a result, random users' phone numbers and email addresses were leaked to any user who visited the website and inspected the response or page source in any browser.
This issue has now been fixed by Uber.
This vulnerability was discovered by Kushal Arvind Shah of Fortinet's FortiGuard Labs.
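A regression check for this class of leak, as an added example that is not Uber's or Fortinet's code: it scans the response body of an invite/referral page for email addresses and phone numbers that do not belong to the viewing user. The function name, the sample HTML and all values in it are constructed for illustration.

```python
import re
from html import unescape
from urllib.parse import unquote

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# E.164-style numbers: '+' then 8 to 15 digits, with optional separators.
PHONE_RE = re.compile(r"(?<![\w+])\+\d(?:[ .-]?\d){7,14}(?!\d)")


def normalize_phone(raw):
    """Reduce a matched phone number to '+' followed by digits only."""
    return "+" + re.sub(r"\D", "", raw)


def find_leaked_pii(body, viewer_emails=(), viewer_phones=(), allowed_emails=()):
    """Return emails/phones found in a response body that are neither the
    viewer's own nor on an allowlist (e.g. a public support address)."""
    # PII often hides in encoded form: HTML entities, URL-encoded query
    # strings in links, and \u00XX escapes inside inline JSON.
    text = unquote(unescape(body))
    text = re.sub(r"\\u00([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), text)

    found_emails = {m.lower() for m in EMAIL_RE.findall(text)}
    found_phones = {normalize_phone(m) for m in PHONE_RE.findall(text)}

    ok_emails = {e.lower() for e in viewer_emails} | {e.lower() for e in allowed_emails}
    ok_phones = {normalize_phone(p) for p in viewer_phones}

    return {
        "emails": sorted(found_emails - ok_emails),
        "phones": sorted(found_phones - ok_phones),
    }


# Constructed sample response for a referral page (not real Uber markup).
SAMPLE = r'''<html><body>
<h1>Join with my invite</h1>
<a href="/invite/CODE123?email=rider.one%40example.com">Accept</a>
<script>window.__STATE__ = {"inviter":{"phone":"\u002B1 415-555-0100",
"email":"driver.two@example.net"},"support":"help@example.org"};</script>
<!-- viewer: me@example.com -->
</body></html>'''

if __name__ == "__main__":
    print(find_leaked_pii(SAMPLE, viewer_emails=["me@example.com"],
                          allowed_emails=["help@example.org"]))
```

Run against every invite/referral response in an integration test, a non-empty result means another user's contact data reached the client.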