Ten thousand dollars really isn’t much for a company like Twitter, but it’s a hard day’s work for most of us. White hat hacker Avinash Singh discovered a security hole that allowed him to access the entire cache of online code for Vine, Twitter’s short-video service. Singh reported the security lapse to Twitter in March, and the company awarded him $10,080 through a bug bounty startup called HackerOne.
Interestingly, Singh discovered the code while tinkering with Censys.io, a search engine that scans networks to help hackers identify vulnerable Internet-connected devices. Singh explained in a blog post that he could see the entire source code of Vine, its third-party keys, API keys and other secrets. “Even running the image without any parameter, was letting me host a replica of VINE locally,” wrote Singh on his blog, Whiskey Tango Foxtrot.
Further, it is worth noting that Twitter’s bug bounty payouts are always divisible by 140, which is why Singh’s payout was $10,080. It is, of course, an homage to Twitter’s 140-character limit on tweets. Singh has explicitly mentioned in his post that he doesn’t intend to share Vine’s source code, and Twitter has already plugged the leak. In fact, Singh, whose online handle is avicoder, has publicly rebuffed comments on his blog post from other hackers asking for the source code. “I respect the NDA and fine line between black hat/white hat,” wrote Singh.