Bypassing Twitter’s account lockout protection

I recently found a flaw in the lockout mechanism Twitter has in place to protect accounts from unauthorized access. This flaw resulted in a complete bypass of the verification page which is presented to users if their account is locked. An attacker would’ve required previous knowledge of the victim’s account password to exploit this issue. Twitter usually […]
Extracting full phone numbers from the leaked Snapchat database

The 2014 Snapchat leak was a huge blow to the privacy of the app’s users. The leaked data contains over 4 million usernames along with their partially censored phone numbers. The leak was first available on SnapchatDB.info, but the download was taken offline shortly after.

Retrieving the last two digits

Head over to the forgot password page on Facebook (or Twitter) and enter […]