Why Twitter awards $10,080 to Indian-origin hacker?

A hacker targeted Twitter's Vine source code and scored himself a $10,080 bug bounty.

"I started participating in various VRPs in 2015 and have been very active since then. Especially in the Twitter bug bounty programme since the response is quick and they release bounty as soon as the bug is triaged," he said.

"As Vine is within the scope of Twitter VRP, I started looking at the various points of entry I could access."

No surprise, he found one, and a pretty good one at that, as it paid off for him to the tune of a $10,080 bounty.

Avinash found that Vine’s source code was publicly available, and was also able to see its API keys and third-party keys and secrets.

Even running the image without any parameters allowed him to host a replica of Vine locally.

In other words, someone with ulterior motives would not have to create a mock-up of Vine's services or create fake log-in screens to fool a user.

The openly accessible source code would be like offering bait to phishing gangs on a silver platter.
