Tumblr went through a data breach sometime in 2013 resulting in 65 million emails and hashed passwords of Tumblr users being leaked on the internet. The leaked data was missing salts for corresponding password hashes, and because of that, attackers/crackers weren’t able to recover any actual passwords from the dump itself. The issue I’m writing about today was a pretty surprising and easy find. I had […] Read more "Bypassing forced password reset on locked Tumblr accounts"
A few months ago, I had found and reported an access control vulnerability on the Twitter platform. The vulnerability essentially gave suspended users the ability to deactivate their own accounts, allowing them to partially circumvent the account suspension process. Before a fix for this issue was put in place, suspended users were served a slightly modified version of […] Read more "How I helped patch a security vulnerability on Twitter"
The 2014 Snapchat leak was a huge blow to the privacy of the app’s users. The leaked data contains over 4 million usernames along with their partially censored phone numbers. The leak was first available on SnapchatDB.info, but the download was taken offline shortly after. Figuring out the last two digits of a person’s phone number doesn’t sound that hard. Thanks to technology, you […] Read more "Extracting full phone numbers from the leaked Snapchat database"