A publicly exposed API of social media platform Spoutible may have allowed threat actors to scrape information that can be used to hijack user accounts. The problem with the Spoutible API Security consultant Troy Hunt has been tipped off about the API by an individual who shared a file with 207,000 Spoutible user records – supposedly scraped via the API – and an URL that would allow Hunt to do the same with his own … More

The post Spoutible API exposed encrypted password reset tokens, 2FA secrets of users appeared first on Help Net Security.