Photo: Vine

Hacker paid only $10,000 after discovering Vine’s entire source code

By Bradley Wint - Founder/Executive Editor
Jul 28, 2016 11:50pm AST

It looks like someone stumbled upon a major Twitter boo boo after they discovered Vine’s entire source code out in the internet wild.

Avinash, an Indian bug-bounty hunter, set out looking for loopholes within Vine, Twitter’s popular short-video sharing service. He used a website called Censys.io to look for subdomains belonging to Vine which should not be in the public’s eye.

He looked for subdomains because they could potentially provide an entry point into the website.

During his search, he came across https://docker.vineapp.com, which was being hosted on an Amazon EC2 virtual server.

Even though the domain did not really show anything useful at the time, he did some Googling and found that Vine was hosting over 80 different developer images on the Amazon server via an app called Docker. Rather than going through each one of them, he tackled an image called vinewww.

He hit the big time after discovering the entire website’s source code, API and third-party keys, and other secrets.

He was also able to set up a local copy of the website on a VM without much hassle.


After he reported the problem to Twitter and his actions were replicated, the company agreed that it needed to fix the issue, and shut down public access within 5 minutes.

Avinash was paid Rs. 680,000 (which converts to a little over US $10,000) for his efforts.

Maybe it’s just me, but I felt as though Twitter could have forked out a little more than that, given that their entire website’s source code was publicly available (even though not accessible by John Doe). I guess that’s the price that comes with white hat hacking though.
