//Twitter alternative spouts a massive leak

Twitter alternative spouts a massive leak

Illustration by Alex Castro / The Verge

Security consultant and Have I Been Pwned creator Troy Hunt has detailed a vulnerability in the API of Spoutible, a social platform that emerged following Elon Musk’s takeover of Twitter, that could allow hackers to take full control of users’ accounts.

After someone alerted Hunt to the vulnerability, he discovered that hackers could exploit Spoutible’s API to obtain a user’s name, username, and bio, along with their email, IP address, and phone number. Spoutible has since addressed the vulnerability, writing in a post on its site that it didn’t leak decrypted passwords or direct messages, while confirming the “information scraped included email addresses and some cell phone numbers.” It invited anyone who still wants to use the service…

Continue reading…