Twitter Inc (NYSE:TWTR) has paid out roughly $10,000 to Indian hacker Avinash Singh after he discovered that the source code for Vine was available to the public.
The company introduced Vine as a video-based platform that allows users to upload videos up to six seconds long that can also be looped. Avinash was reportedly hunting for vulnerabilities when he stumbled across a Docker image for Vine. The hacker was using Censys.io at the time of the discovery. Censys.io is a public search engine that allows users to make quick inquiries about networks and hosts on the internet. Docker, on the other hand, is a container format that packages everything required to run software, including libraries, tools, system and code. Despite the similarities, it is more flexible than a system image, which allows it to be used widely.
Singh found that the status of the image was public rather than private. The entire code for Vine was contained in the Docker image that was used to host the site. The Vine server was hosted on Amazon Web Services (AWS) from Amazon.com, Inc. (NASDAQ:AMZN). The hacker reported the matter to Twitter in March 2016. The social network firm then quickly fixed the problem and awarded Singh the bounty. Twitter has a policy through which it awards bounties to individuals who report bugs.
Singh not only found the error involving the system image, but he also managed to boot a virtual replica of the video service on his PC. Cybersecurity blogger Paul Ducklin stated in a post that creating mock-ups of the Vine homepage with fake logins is not necessary when it is possible to run an already prepared version that looks similar to the original. Twitter also released a statement revealing that the issue was fixed within five minutes of the report being filed. The statement also pointed out that the firm has taken extra measures to make sure that its systems remain safe.