UberCENTRAL, Uber's portal to help businesses facilitate rides for clients, has a vulnerability that may have leaked the names, email addresses, and unique ID of all Uber users. Tech
student Kevin Roh discovered the weakness. The issue is related to an insecure direct object reference, or IDOR vulnerability. Read the whole story at Threat Post »