There's no way a professional could make a living off what they pay.
Well, duh, that's exactly what such programs suggest to me: a way to AVOID getting a professional involved. Let's not spend any money on doing it right but patch as often as Microsoft afterwards, and we crowdsource the bug detection so we don't have to pay much.
That is, until it emerges that there are really a LOT of bugs, at which point you have two choices as a company:
1 - pay those who have found genuine bugs, admit you screwed up and start again
2 - change the goalposts, don't pay people and leave both the impression that you're both cheap and unreliable (no news here), and that your code has serious problems that you really, really don't want to talk about (which is what I read out of those changes).
Outcome 1 would have gotten my respect and would have been a hint that the company does have some idea of how to keep user details safe (such as person, address, travel routes and payment data), however, it appears outcome 2 is in play, which suggest you shouldn't touch these shyster's code with a 10ft barge pole. But hey, it's Uber. If outcome 2 is a surprise to you you really haven't been paying attention much.