Hype OTP Bug Could Allow Users to Book Free Rides on Someone Else’s Credit Card!

Uber left a hole in our hearts with its departure and not everyone is satisfied with Grab at the moment. Other Transport Network Companies have stepped in to try and pick up where Uber left off. While they’re far from perfect, Hype in particular has a nasty bug that could potentially allow users to book free rides — but with an unpleasant side effect.

For those who haven’t tried out Hype yet, it doesn’t have a feature to sign in via Facebook or other social network yet. Its means of recognizing individual accounts is through your mobile number. Interestingly, it forgoes the password option and instead uses an OTP sent to the mobile number you’re using to sign in. Sounds straightforward, right?

 

Unfortunately, the OTP method Hype is using right now always uses “1234”. So you could just randomize the mobile number you’re entering and potentially sign in on someone else’s account. And because Hype has the option to pay with a linked credit or debit card, you could even book a free ride — on someone else’s card.

The current version of the Hype app is at 1.0.4 and is where this issue has been observed. Hopefully, the Hype OTP bug gets resolved soon, especially if there are already users with linked cards on their accounts. I’ve already reached out to them via their Contact page and will hopefully get a response soon.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.