Spoutible API exposed encrypted password reset tokens, 2FA secrets of users

A publicly exposed API of social media platform Spoutible may have allowed threat actors to scrape information that can be used to hijack user accounts. The problem with the Spoutible API Security consultant Troy Hunt has been tipped off about the API by an individual who shared a file with 207,000 Spoutible user records – supposedly scraped via the API – and an URL that would allow Hunt to do the same with his own … More →

The post …

2fa account hijacking accounts api api security can consultant data breach don't miss encrypted exposed file hijack hot stuff hunt information may media media platform password password reset platform problem reset scrape secrets security security consultant social social media social media platform spoutible threat threat actors tokens troy hunt vulnerability