On December 12 2016, the bug bounty hunter Fran Rosén published a sub-domain takeover affecting Uber.
Fran Rosén detected that the sub-domain rider.uber.com failed for three hours, as it was pointing to a non-existent Cloudfront instance instead, as shown in the following screenshot:
Fran Rosén took advantage of this and claimed the sub-domain in Cloudfront, creating the following proof of concept:
The impact of this was critical, despite being a temporary error from Uber, as it is one of the most-visited URLs in the Uber application.
If you want to read more about this bug, visit the following link: https://hackerone.com/reports/175070.