Wednesday, November 14, 2018
MobileTechPinoy

Hype OTP Bug Could Allow Users to Book Free Rides on Someone Else’s Credit Card!

Uber left a hole in our hearts with its departure and not everyone is satisfied with Grab at the moment. Other¬†Transport Network Companies have stepped in to try and pick up where Uber left off. While they’re far from perfect, Hype in particular has a nasty bug that could potentially allow users to book free rides — but with an unpleasant side effect.

For those who haven’t tried out Hype yet, it doesn’t have a feature to sign in via Facebook or other social network yet. Its means of recognizing individual accounts is through your mobile number. Interestingly, it forgoes the password option and instead uses an OTP sent to the mobile number you’re using to sign in. Sounds straightforward, right?

 

Unfortunately, the OTP method Hype is using right now always uses “1234”. So you could just randomize the mobile number you’re entering and potentially sign in on someone else’s account. And because Hype has the option to pay with a linked credit or debit card, you could even book a free ride — on someone else’s card.

The current version of the Hype app is at 1.0.4 and is where this issue has been observed. Hopefully, the Hype OTP bug gets resolved soon, especially if there are already users with linked cards on their accounts. I’ve already reached out to them via their Contact page and will hopefully get a response soon.

About The Author

Back when I started MobileTechPinoy in 2012, phablets weren't a thing yet. I enjoyed the stares I got from iPhone owners whenever I whipped out my Samsung Galaxy Note at the time. I'm much more budget-conscious these days though and am perfectly fine with using phones from any of our locally brands.