Video and picture drip through misconfigured S3 buckets
Typically for images or other asserts, some sort of Access Control List (ACL) will be set up. For assets such as for instance profile photos, a standard method of applying ACL will be:
The important thing would act as a “password” to gain access to the file, plus the password would simply be provided users who require use of the image. When it comes to an app that is dating it is whoever the profile is presented to.
We have identified several misconfigured buckets that are s3 The League through the research. All photos and videos are inadvertently made general general general public, with metadata such as which user uploaded them as soon as. Continue reading “Therefore I reverse engineered two apps that are dating.”