Spoutible API Exposed Encrypted Password Reset Tokens, 2FA Secrets of Users
Spoutible API Exposed Encrypted Password Reset Tokens, 2FA Secrets of Users
07 February 2024
The social media platform Spoutible had a publicly exposed API that allowed hackers to scrape sensitive user information, including hashed passwords, authentication seeds, and password reset tokens.