Pinterest security flaw uncovered

Pinterest has been made aware of a security flaw that could make the personal details of its users accessible to anyone.

Security researcher Dan Melamed discovered the issue, which makes the email address of anybody on Pinterest visible, simply by providing a username or ID.

The expert has recommended that the site checks the owner of the access token against the user whose information has been requested, which would help ensure that data does not end up in the wrong hands.

Pinterest has taken action to rectify the flaw – perhaps after carrying out a security audit of its own – after the severity of a potential breach was recognised.

Melamed explained that a hacker could have set up a bot, which would have been able to retrieve all of the email addresses before using them for spam or other malicious purposes.

A similar issue was uncovered on the site StumbleUpon, which enabled the security researcher to view users' full names, email addresses, age, gender and location.

He noted that by exploiting these two sites, hackers could have access to in excess of 100 million email addresses, which may prove dangerous if they were to be used by hackers.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s