Back in March, a white hat hacker named Avinash Singh exposed a bug in Vine’s software that allowed him to dump the entirety of the app’s source code online. The code stayed live for a full five minutes before engineers at Vine noticed the bug and fixed it.
Now, several months later, Singh has revealed on his blog the nitty gritty of how he exposed the flaw and brought it to Twitter’s attention.
After scanning Vine’s networks in search of a means of incursion, Singh was led to a subdomain that allowed him to access Vine’s source code. Essentially, the flaw would have made it possible for malicious hackers to mimic Vine’s features to nefarious impact. For his troubles, Singh was awarded a £7,500 ($10,080) bounty from Twitter through bounty hacker site HackerOne.
A show of generosity on this level isn’t unheard of, but it is uncommon and might speak to Twitter’s relief that their flagging video medium has one less potential problem. Once one of social media’s favorite toys, Vine has seen a dramatic decrease in its top users who are abandoning the platform for a multitude of reasons. From the superior tech of competitors like Snapchat and Instagram to Vine’s reputation for failing to intervene in instances of bullying and abuse, the social media app is in for a tough road ahead.