A product security engineer named Anand Prakash from India has found a bug allowing free rides in the Uber app. According to him it was easy to overwrite the application and get free rides for lifetime.
He found it during his search for security loop holes in the application. To check the accuracy of bug, he made trips in India and US without paying any money.
The rides were taken with the permission of Uber after alerting them about the malware.
The bug was related to the payment method application developed. Using an invalid code let Anand use Uber rides for free.
Uber officials had been warned about the possible exploitation by Anand and they have fixed the errors. So, bad luck if you are trying to exploit the weakness.
They also awarded Anand Prakash a handsome amount through their bug bounty program for finding and bringing the issue to their notice.