The API was not properly secured, and the application code implementing it should have been changed to prevent this from happening.

The impact of the incident

In this case, a hacker used an automated script to create more than 1 million fake accounts on the app in order to access information about other users. The firm then had to spend time manually reviewing all of those new user profiles for any sensitive data that could be exposed publicly. They also had to review each account created by the hacker and delete it. This took some time because so many accounts were involved: around 3 billion records in total! It is estimated that it will take several weeks before everything has been reviewed and fixed correctly.
