5 comments

[ 2.8 ms ] story [ 24.9 ms ] thread
Uber will never know the severity of this bug until several user accounts got compromised by someone
I’ll say Uber rejected this due to highly unlikely user interaction required .
There's not really much user interaction required. You just have to engage the victims cell phone when sending the OTP. The voicemail hack doesn't require any user interaction.
I know as shubs, this post interesting and good writeup. thanks! I follow you on twitter!