Uber has finally fixed a vulnerability that allowed bad actors to send emails from Uber’s official email account, but the fix comes seven years after the bug was first reported. Over the years, several researchers have reported the easy-to-exploit vulnerability to Uber – one as early as 2015 – but the rideshare company did not patch the problem until this week. “Uber has a bug bounty program with 1,790 reports resolved,” commented Luis Corrons, Avast Security Evangelist, “so this is not a case of the company not taking care of security, but a human mistake handling the reports of this specific bug. In any case, please remember never to insert any kind of personal data in any link that comes from an email.” It’s not known if the bug was ever exploited, but anyone who has shared personal information in response to an email from Uber over the past seven years is well-advised to change their passwords. For more on this story, see Threatpost.