On December 12 2016, the bug bounty hunter Fran Rosén published a sub-domain takeover affecting Uber.

Fran Rosén detected that the sub-domain rider.uber.com failed for three hours, as it was pointing to a non-existent Cloudfront instance instead, as shown in the following screenshot:

Fran Rosén took advantage of this and claimed the sub-domain in Cloudfront, creating the following proof of concept:

The impact of this was critical, despite being a temporary error from Uber, as it is one of the most-visited URLs in the Uber application.