A researcher netted a $9,000 bounty last summer after digging up a vulnerability in a third-party backup software system used by Uber. The vulnerability could have given an attacker access to the user backup data of any company using the software, including Uber, including the National Park Service. The issue appears to have existed in Crashplan, a service provided to Uber by Code42, a Minnesota-based company that backs up data for companies in real time. Uber says the vulnerability was patched in May 2016 but wasn t disclosed until this week.
Source: https://threatpost.com/uber-com-backup-bug-nets-researcher-9k/123370/