Indian Hacker Pinpoints Twitter's Loophole; Gets Handsomely Rewarded

BENGALURU: Avinash Singh, an Indian White Hat hacker discovered a security flaw in Twitter, the popular microblogging website. The flaw existed in the company’s Vine video-sharing service, allowing the hacker to effectively access the whole cache of its online code. Making an effort to appreciate the exceptional discovery and skills, Twitter awarded the tech genius with an amount of $10,080. Singh reported the loophole to the company on 31^st March through HackerOne, a bug bounty startup. The company quickly responded to the hacker’s report and fixed the flaw within five minutes.

While checking for various kinds of vulnerabilities using the censys.io, Avinash discovered a Docker image for Vine, reports the Hacker News website. Docker is an open digital platform specifically designed for system administrators and developers across the globe. With a wide array of libraries and codes, the platform includes every feature needed to effectively build, run and ship distributed applications on the cloud, laptops or data center VMs.

Vine’s entire code was stored as a part of the Docker image which was used to host the website. The server was managed by Amazon Web Services and was supposed to be privately secured, granting no access to unauthorized users. But, it turned out to be public, and the Indian hacker was able to access and get the Docker image.

In a recent blog-post, the hacker explained that he was able to view Vine’s entire source code, its API keys, third party keys and other forms of secure information.

"Even running the image without any parameters was letting me host a replica of Vine locally," adds Avinash.

Anand Prakash, a hacker from Bengaluru also received $15,000 from Facebook for reporting a bug that had the potential to expose the secure information of 1.6 billion users.

Read Also: Bored of Catching Pokemons? How about Cats?
Google Looks Beyond Cardboard 2.0 VR Headset