A researcher earned $9K for identifying a XXE vulnerability in third party backup software used by Uber.
Source: Threadpost