A few months ago, I had found and reported an access control vulnerability on the Twitter platform. The vulnerability essentially gave suspended users the ability to deactivate their own accounts, allowing them to partially circumvent the account suspension process. Before a fix for this issue was put in place, suspended users were served a slightly modified version of […]Read more "How I helped patch a security vulnerability on Twitter"
The 2014 Snapchat leak was a huge blow to the privacy of the app’s users. The leaked data contains over 4 million usernames along with their partially censored phone numbers. The leak was first available on SnapchatDB.info, but the download was taken offline shortly after. Figuring out the last two digits of a person’s phone number doesn’t sound that hard. Thanks to technology, you […]Read more "Extracting full phone numbers from the leaked Snapchat database"