Skip to main content

Vine bug may have exposed users’ email addresses and phone numbers

vine cofounder wants to create follow up app
An unknown number of Vine users may have had their email addresses and phone numbers exposed for up to a day, it’s been revealed.

Twitter, which owns the video-looping site, has been contacting users to inform them of the breach.

Vine fans will recall all too well how Twitter ended users’ ability to upload content to the app at the start of 2017, replacing it with the Vine Camera app that lets users create videos for Twitter or simply save them to a phone. The Vine website now acts as an archive for the millions of videos created by its users over the service’s three-year lifespan, and it’s this site which appears to have been at the center of the breach.

In a message sent directly to Vine account holders, the social media company said it’d recently discovered that users’ email addresses and phone numbers had been exposed. No passwords or other personal data are thought to have been involved.

It reassured users that the information “can’t directly be used to access your account, and we have no information indicating that it has been misused,” adding that it fixed the bug within 24 hours of its discovery.

As a result of the incident, Twitter urged Vine account holders to be “cautious if you receive emails or text messages from unknown senders. Please keep in mind that Vine will only send you communications from @twitter.com, and we will never send emails with attachments or request your password by email.”

Twitter later posted a public message on Medium containing essentially the same information it sent to users.

It’s not clear how or where the data may have been viewed, and it’s quite possible nothing will come of it, but Twitter deemed the incident serious enough to inform users and warn them to be wary of suspicious-looking emails.

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Tumblr promises it fixed a bug that left user data exposed
Tumblr

Tumblr says it has sorted out a bug on its site that could potentially have revealed user data.

The New York-based company said on Wednesday, October 17 that it had "some important information" that it wanted to share, before going on to explain about the security flaw.

Read more
Timehop data breach may have compromised 21 million email addresses
what facebook users should know about cambridge analytica and privacy mobile v1

Names and email addresses of as many as 21 million Timehop users may have been compromised as a result of a data breach that occurred on July 4. Timehop, a service that aggregates old photos and posts from various social media accounts -- including Facebook, Instagram, Twitter, Google Photos, and Dropbox -- discovered the attack on its service as it was unfolding, but it took several hours for the company to contain the breach.

"On July 4, 2018, the attacker(s) conducted activities including an attack against the production database, and transfer of data," the company revealed a few days following the breach. "At 2:43 pm U.S. Eastern Time the attacker conducted a specific action that triggered an alarm, and Timehop engineers began to investigate. By 4:23 p.m., Timehop engineers had begun to implement security measures to restore services and lock down the environment."

Read more
Researcher claims to bypass iPhone security limits, but may have spoken too soon
samsung galaxy note 9 vs apple iphone x 1

For a brief moment, it seemed as though a security researcher had found a way to get past the security limits on iPhones and iPads by entering an infinite number of passcodes in order to hack into a device. The purported vulnerability was apparently even present in the latest version of iOS, 11.3, but Apple has now pushed back on these claims, and the researcher also appears to be backtracking on his initial findings.

When attempting to access a locked iPhone or iPad, users generally have a set number of passcode attempts to make before being locked out. You can even set your Apple device to automatically erase its contents if a hacker continuously attempts to guess your passcode. But according to Hacker House cybersecurity firm co-founder Matthew Hickey, if an iDevice is plugged in and a hacker tries to send keyboard inputs, it sets off an interrupt request that supersedes all other commands on the device. This, Hickey said, would allows hackers to send every single possible passcode combination in a single string, and because it wouldn't give Apple's software any respite, the inputs would take priority over any data-erasing security feature.

Read more