Hacker says Twitter awarded him $10,000 for finding a flaw in their code

The Indian hacker discovered he could easily get hold of Twitter's 'Vine' source code

Hacker says Twitter awarded him $10,000 for finding a flaw in their code

Picture by: Twitter / PA Wire/Press Association Images

An Indian hacker called Avinash Singh said he was awarded over $10,000 for fixing a flaw in Twitter's video app Vine's code.

Singh, who goes by the nickname 'avicoder', uncovered a security hole that allowed him to easily access the cache the code of Twitter's video service 'Vine' online. He reported the issue to Twitter in March.

In a blog post, Singh described how he accessed the content which he said was easily available.

"As Vine is within the scope of Twitter VRP, I started looking at the various points of entry I could access.

"When I tried to access it via the browser, it shows /* private docker registry */ in the response.

"If it is supposed to be private, then why is it publicly accessible? There has to be some thing else to going on here."

According to Singh, the company fixed the problem within five minutes of him reporting it and awarded him $10,080 in return for pointing out the flaw.

The money was awarded to Singh through a partner, bug bounty startup called HackerOne, which enlists hackers to improve the security of big name apps and online technologies such as Dropbox and Uber.

A Vine spokesperson told Fortune :

“We fixed this issue within five minutes of it being reported to Vine through Twitter’s Bug Bounty program.  

“We also took precautionary steps like revoking and reissuing credentials to ensure that our systems remain safe.”

Vine is a popular six-second video service that Twitter bought in 2012. Since then the app has produced several 'professional Viners' who make a living from creating these short videos.

Without Singh's discovery, there was the potential for many of these accounts to be compromised.