Hacker paid only $10,000 after discovering Vine’s entire source code

Bradley Wint
Jul 28, 2016 11:50pm AST

It looks like someone stumbled upon a major Twitter boo boo after they discovered Vine’s entire source code out in the internet wild.

Avinash, an Indian bug-bounty hunter, set out looking for loopholes within Vine, Twitter’s popular short-video sharing service. He used a website called Censys.io to look for subdomains belonging to Vine which should not be in the public’s eye.

He looked for subdomains because they could potentially provide an entry point into the website.

During his search, he came across https://docker.vineapp.com, which was being hosted on an Amazon EC2 virtual server.

Even though the domain did not really show anything useful at the time, he did some Googling and found that Vine was hosting over 80 different developer images on the Amazon server via an app called Docker. Rather than going through each one of them, he tackled an image called vinewww.

He hit big time after discovering the entire website’s source code, API and third party keys, and other secrets.
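To check your own images for the kind of exposure described above (keys and secrets baked into an image), here is an added example that is not from the article or from Twitter. It assumes an archive produced by `docker save`; the rule set is illustrative, the helper names are hypothetical, and the sample image is constructed inline using the AWS documentation placeholder key.

```python
import io, json, re, tarfile

# Illustrative credential patterns; a real audit would use a fuller rule set.
PATTERNS = {
    "aws_access_key_id": re.compile(rb"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(rb"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "assigned_secret": re.compile(
        rb"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]?[^\s'\"]{8,}"),
}

def scan_image_archive(fileobj):
    """Scan every layer of a `docker save` archive; return sorted (layer, path, rule)."""
    findings = set()
    with tarfile.open(fileobj=fileobj) as image:
        manifest = json.load(image.extractfile("manifest.json"))
        for entry in manifest:
            for layer_name in entry["Layers"]:
                blob = io.BytesIO(image.extractfile(layer_name).read())
                with tarfile.open(fileobj=blob) as layer:
                    for member in layer:
                        if not member.isfile():
                            continue
                        data = layer.extractfile(member).read()
                        for rule, rx in PATTERNS.items():
                            if rx.search(data):
                                findings.add((layer_name, member.name, rule))
    return sorted(findings)

def make_tar(files):
    """Build an in-memory tar from {name: bytes}; used only for the sample."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as archive:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            archive.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def build_sample_image():
    """Constructed two-layer image: layer 1 adds a key, layer 2 'deletes' the file."""
    key_line = b'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'  # AWS docs placeholder
    layer1 = make_tar({"app/settings.py": key_line, "app/main.py": b"print('ok')\n"})
    layer2 = make_tar({"app/.wh.settings.py": b""})  # whiteout marker hides the file
    manifest = json.dumps([{"Layers": ["l1/layer.tar", "l2/layer.tar"]}]).encode()
    return io.BytesIO(make_tar({"manifest.json": manifest,
                                "l1/layer.tar": layer1, "l2/layer.tar": layer2}))

if __name__ == "__main__":
    print(scan_image_archive(build_sample_image()))
```

The sample shows why each layer is scanned separately: the settings file is removed in the second layer, yet the key is still present in the first layer of the stored image.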

He was also able to set up a local copy of the website on a VM without much hassle.

After the problem was reported to Twitter and his actions were replicated, the company agreed that the issue needed fixing and shut down public access within 5 minutes.

Avinash was paid Rs. 680,000 (which converts to a little over US $10,000) for his efforts.

Maybe it’s just me, but I felt as though Twitter could have forked out a little more than that, given that their entire website’s source code was publicly available (even though not accessible by John Doe). I guess that’s the price that comes with white hat hacking though.
