phishing securityAccording to Bleeping Computer, Seif Elsallamy, a security researcher, has discovered a vulnerability in Uber’s e-mail servers that allows anybody to send email on Uber’s behalf.

Mr. Elsallamy warns that in addition to sending out phishing e-mails to the general public, this vulnerability could be used by bad actors to send phishing emails to a list of about 57 million Uber customers whose emails are already on the dark Web as a result of Uber’s 2016 data breach.

Potential phishing e-mails sent from Uber’s server are technically “from Uber” and will likely make it past spam filters. It will be very difficult to discern between real emails and phishing emails since they will both originate from the same servers.

Until Uber fixes this issue, we urge everyone to be wary of unsolicited password reset requests, credit card update request or personal information request sent from Uber’s e-mail servers.

Leave a comment

Your email address will not be published. Required fields are marked *