Twitter’s £7,569 reward for Vine hacker

Social media site Twitter has awarded $10,080 [£7,569] to a hacker who discovered a security flaw in Vine, the company’s short video site.

Avinash Singh was able to discover a security flaw in Vine, and was paid through Twitter’s Vulnerability Rewards Programme (VRP).

These kinds of programmes reward so-called ‘white-hat hackers’, who look for possible exploits and security issues on websites in order to report them to the site-owner.

Speaking on his blog, Avinash, said: “I started participating in various VRPs in 2015 and have been very active since then.

“Especially in the Twitter Bug bounty program since their response is quick and they release bounty as soon as the bug is triaged”.

The hacker, who is known as ‘avicoder’ online, also gave a technical explanation of the issue he encountered, explaining he could see the ‘entire source code of vine, its API keys and third party keys’.

He added that: “Even running the image without any parameter, was letting me host a replica of VINE locally”.

Twitter states on their HackerOne page, the site they use to rewards bounties for white-hat hackers, that maintaining security is a ‘community’ effort.

The reward for discovering an issue is a minimum of $140 [£105], and there is no upper limit, while a ‘Remote Code Execution’ vulnerability with Twitter’s core site earns a minimum $15,000 [£11,264].

TNT Business


Related News