A “Vkontakte” vulnerability allowed a hacker to discover the phone numbers of Pavel Durov and Dmitry Medvedev

A hacker with the nickname Alex Rabl found that the bookmarks feature of the social network “Vkontakte” could be used to obtain the phone number and email address tied to a user's account. Taking advantage of this error, he was able to get the phone numbers listed in the accounts of Pavel Durov, the founder and former CEO of the social network, and of Prime Minister Dmitry Medvedev. This was reported in the “Code Durov” group on “Vkontakte”.

Information about the error in the new design of “Vkontakte”, discovered by Rabl, was published on 28 August. It is noted that one of the group's members managed to get the phone numbers of Pavel Durov, the operating director of “Vkontakte” Andrew Mace, and the social network's main developer Oleg Illarionov.

On August 29 the community published an interview with the hacker, who said that he had not originally intended to get the phone numbers of Durov, Mace, Illarionov, or Russian Prime Minister Dmitry Medvedev, and had only wanted to find a girl's new phone number in order to reconcile with her.

“I decided to add her friend to my favorites, in case she writes. Since school, with break-ins and creating websites, looking at the source code has already become a habit. There, under the tab, I discovered a strange thing.

The server returns more data than needed, including data in closed access. Roughly, in this JSON format: {"name":"name", "lastname":"surname", "reg_phone":"closed access", "email":"email address in closed access"} — in fact, it was only necessary to add a person to your favorites, and then, in the new design, you were given the number. I managed to get Pavel Durov's number — I couldn't believe it. Then I got Dmitry Medvedev's number — then I realized that this was a particular gaffe,” said the hacker.
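The over-sharing response described in the quote above, next to a server-side fix, as an added example that is not “Vkontakte” code. The field names `reg_phone` and `email` come from the quoted JSON; the function names, the `id` field and the sample records are hypothetical and constructed for illustration.

```python
# Constructed sample records; not real data.
USERS = {
    1: {"id": 1, "name": "Alice", "lastname": "Example",
        "reg_phone": "+70000000001", "email": "alice@example.test"},
    2: {"id": 2, "name": "Bob", "lastname": "Sample",
        "reg_phone": "+70000000002", "email": "bob@example.test"},
}

PUBLIC_FIELDS = {"id", "name", "lastname"}
OWNER_FIELDS = PUBLIC_FIELDS | {"reg_phone", "email"}
SENSITIVE_KEYS = {"reg_phone", "email"}


def bookmark_entry_vulnerable(viewer_id, target_id):
    """Returns the whole stored record and relies on the client to hide
    the private fields. Anyone reading the raw response sees them."""
    return dict(USERS[target_id])


def bookmark_entry_hardened(viewer_id, target_id):
    """Serializes through an allow-list chosen on the server by who is
    asking, so private fields never leave the server for other viewers."""
    allowed = OWNER_FIELDS if viewer_id == target_id else PUBLIC_FIELDS
    return {k: v for k, v in USERS[target_id].items() if k in allowed}


def leaked_keys(payload):
    """Regression check: walk a JSON-like response and report any
    sensitive keys it contains, at any nesting depth."""
    found = set()
    if isinstance(payload, dict):
        for key, value in payload.items():
            if key in SENSITIVE_KEYS:
                found.add(key)
            found |= leaked_keys(value)
    elif isinstance(payload, list):
        for item in payload:
            found |= leaked_keys(item)
    return found


if __name__ == "__main__":
    # User 1 bookmarks user 2 and inspects the response.
    print(sorted(leaked_keys(bookmark_entry_vulnerable(1, 2))))
    print(sorted(leaked_keys({"items": [bookmark_entry_hardened(1, 2)]})))
```

Running `leaked_keys` over recorded API responses in an integration test catches this class of error before a redesign ships.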

According to Rabl, he did not initially count on a reward for the disclosure and only wanted to draw the attention of the social network's administration so that the error would be corrected. However, representatives of “Vkontakte” asked him to write a report on the HackerOne platform, which the social network uses to pay bounties for discovered vulnerabilities. According to a post Rabl published on the evening of August 29, he has not yet received any money.

According to the hacker, a significant number of people could have known about the error, up to thousands of people. He was surprised that the administration of the social network did not warn users about the vulnerability or ask them to change their personal data.
