Microblogging website awards Indian-origin Avinash Singh for discovering security loophole in its Vine video-sharing service
India At Large staff
Microblogging website Twitter awarded Avinash Singh, an Indian-origin White Hat hacker, $10,080 for discovering a security loophole in its Vine video-sharing service. The flaw enabled Singh to access the entire cache of Vine’s online code. He reported it to Twitter in March and was awarded $10,080 through a bug bounty startup called HackerOne, reports The Times of India.
According to a report by Hacker News website, the hacker discovered a Docker image for Vine while looking for vulnerabilities using censys.io. For those unaware, Docker is an open platform for developers and system administrators. A Docker image includes everything required to build and run an application, from code to libraries.
The complete code for Vine was stored as part of a Docker image used to host the site. The server was on Amazon Web Services and ideally should have been private. But it was public, and using Censys, Singh was able to discover the Docker image.
In a blog post, Avinash Singh explained that he was able to see the entire source code of Vine, its third-party keys, API keys and other information. He further added: “Even running the image without any parameters was letting me host a replica of Vine locally.”
He reported his findings to Twitter on March 31, and they fixed the issue within 5 minutes.
Recently, a Bengaluru-based hacker, Anand Prakash, claimed he received $15,000 (approximately Rs 10 lakh) from Facebook for reporting a bug that could have put the social network’s 1.6 billion users at risk.
In a blog post, Prakash wrote that on February 22, he had found a simple vulnerability that could have been used to hack into any user’s Facebook account and get access to their credit or debit card details, personal pictures and messages.
The 22-year-old, who works at Flipkart as a security engineer, describes himself as a ‘bug bounty’ hunter, and says he has earned around Rs 1.2 crore just by reporting bugs to Facebook, Twitter and a host of other US-based big technology companies.