Indian hacker awarded Rs 6.8 lakh by Twitter for discovering Vine’s source code

Indian bounty-hunter Avinash Singh, who goes by the handle @avicode on Twitter, discovered a major flaw in Vine’s source code, for which he got paid $10,080 (approximately Rs 6.8 lakh).

Avinash posted his discovery on a blog post and stated that the source code was for a while available on what was supposed to be a private Docker registry. He said, “I was able to see the entire source code of Vine, its API keys and third party keys and secrets. Even running the image without any parameter, [it] was letting me host a replica of Vine locally.”

A report by The Hacker News points out that while searching for the vulnerabilities in Vine, he used Censys.io, which is an all new Hacker’s Search Engine similar to Shodan, which daily scans the whole Internet for all the vulnerable devices.

The 23-year-old bug bounty hunter reported his finding to Twitter on March 31 and it was reportedly removed within five minutes. According to the report, Avinash has been an active bug bounty hunter since 2015 and until now has reported 19 vulnerabilities to Twitter.