Uber is looking to ramp up its cyber security and has launched a bug bounty programme to lure hackers to uncover bugs in its system. The ride-hailing company is offering $10,000 (£7,000) to anyone who can expose major security flaws within its system.
In a company blog, Uber said: "We've also created a first of its kind loyalty reward program that is designed to encourage members of the security community to dig deep, helping Uber to deal with even the most subtle bugs."
Uber has also developed a "treasure map" to help hackers find a variety of bugs within its database. The move is a show of transparency, which Uber hopes will help cybersecurity researchers gain access to "the right information, right from the start".
John Flynn, chief information security officer at the San Francisco-headquartered firm, said: "We believe that bug bounty programs are an important part of the modern software development lifecycle. Our unique program combines healthy rewards, a loyalty program, and a 'treasure map' of information to incentivize our community to find even the most subtle bugs as we work together to protect users."
The bounty programme will go live on 1 May, after which hackers will have 90 days to identify bugs. Those who successfully uncover four or more issues will be rewarded with a bonus.
Uber's payout scheme has been divided into three main categories. The "medium issues" category, involving bugs that would allow malicious entities to make changes to a driver's picture or look up a user's identity, offers a reward of $3,000. The "significant issues" category, which involves missing homepage, leaked accounts and private information like emails and dates of birth, will offer a reward of $5,000. Finally, the "critical issues" category, which relates to exposure of sensitive user information like social security numbers, credit cards, full account takeover, etc., offers a $10,000 reward.
Uber has had a rocky year with regard to security, especially given how Uber accounts were sold on the dark web for a mere $4. In 2014, a security breach resulted in over 50,000 Uber drivers' personal information being leaked, which the company failed to report until five months after the breach. Uber was ultimately fined $20,000 by the New York attorney general for the delay in reporting the breach.