Twitter has awarded an Indian white-hat hacker $10080 for uncovering a major security flaw in Vine which exposed its entire source code to the public. The exposure could have caused mayhem if it hadn’t been caught in time.
Avinash Singh, who goes by the code name Avicoder, discovered the massive issue while on the lookout for security vulnerabilities in Vine. His efforts led him to a domain called ‘https://docker.vineapp.com’ which should have been private but was open for all to see.
Docker is basically an online platform which allows developers to store all the components required to run software, such as a site’s code and images. After experimenting with different approaches, Avicoder was able to get access to Vine’s entire source code, API keys, third-party keys, and secrets.
He was even able to recreate a highly accurate Vine clone site (seen above) which could have easily fooled anyone into thinking it was the real website. Phishing groups commonly replicate sites in order to fool people into entering their passwords and other vital information. Having access to a site’s full source code would have given them free rein to hoodwink scores of people.
Thankfully, Singh decided to report the flaw to Twitter under its bug bounty program instead of going down that route. According to his blog, the site fixed the Vine security hole within 5 minutes and paid him $10080 for alerting them to the problem.
This is notably the second Vine-related security issue which has come to the surface recently. Notorious hacker group OurMine recently hacked Twitter CEO Jack Dorsey and claimed that the parent company can see its users’ Vine passwords. The microblogging platform strenuously denied these allegations at the time.