Security researcher Seif Elsallamy discovered a flaw in Uber’s systems that enables anyone to send emails on behalf of Uber.
These emails, sent from Uber’s servers, would appear legitimate to an email provider (because technically they are) and make it past any spam filters.
The researcher who discovered this flaw warns this vulnerability can be abused by threat actors to email 57 million Uber users and drivers whose information was leaked in the 2016 data breach.
