http://techcrunch.com/2014/01/30/clinkle-gets-hacked-before-it-even-launches/
By Jordan Crook
@jordanrcrook
TechCrunch
January 30, 2014
Clinkle is the hottest app around to have done mostly nothing. The stealth
payments service, which has raised $30 million from big-name investors,
has yet to publicly launch. But that doesn’t mean it can’t be hacked.
Today, a guest user posted a list of 33 usernames, user IDs, profile
photos, and phone numbers to PasteBin. Based on the data provided, it
seems as though these users are Clinkle employees who are testing the app.
Founder Lucas Duplan is on the list (yep, that’s his Clinkle profile pic,
shown above), as well as former Netflix CFO and Clinkle COO Barry
McCarthy. Former PayPal exec Mike Liberatore, now Clinkle CFO, is also
listed.
The data was seemingly accessed through a private API that Clinkle has in
place. Referred to by the hacker as "typeahead", the API appears to be the
basis of an autocomplete tool, allowing users to type a single letter (like
'A') and find all usernames starting with that letter (like 'Adam' and
'Andrew'). [Note: Twitter has a similar tool with the same name -- it's
unclear if they're one and the same.]
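
An added example, not part of the original article or Clinkle's code: one way a defender could spot the single-letter enumeration described above in typeahead request logs. The log format, client identifiers, window and threshold are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events: (client id, epoch seconds, typeahead query).
SAMPLE_LOG = (
    # One client walks the alphabet, one letter per second.
    [("guest-1", 1000 + i, chr(ord("a") + i)) for i in range(26)]
    # A normal user typing a name: only the first query is a single letter.
    + [("app-7", 1000 + i, q) for i, q in enumerate(["a", "an", "and", "andr"])]
    # Single-letter lookups spread out over several minutes.
    + [("app-9", 1000 + 30 * i, chr(ord("a") + i)) for i in range(12)]
)


def find_prefix_sweeps(events, window=60, max_prefix_len=1, threshold=10):
    """Flag clients that query many distinct short prefixes in a short time.

    Returns {client: peak number of distinct prefixes of length
    <= max_prefix_len seen inside any `window`-second span}, limited to
    clients whose peak reaches `threshold`.
    """
    by_client = defaultdict(list)
    for client, ts, query in events:
        q = query.strip().lower()
        if 0 < len(q) <= max_prefix_len:
            by_client[client].append((ts, q))

    flagged = {}
    for client, hits in by_client.items():
        hits.sort()
        counts = defaultdict(int)  # prefix -> occurrences inside the window
        start = 0                  # index of the oldest hit still in the window
        peak = 0
        for ts, q in hits:
            counts[q] += 1
            # Slide the window forward, dropping hits older than `window` seconds.
            while ts - hits[start][0] > window:
                old = hits[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            peak = max(peak, len(counts))
        if peak >= threshold:
            flagged[client] = peak
    return flagged


if __name__ == "__main__":
    print(find_prefix_sweeps(SAMPLE_LOG))
```

With the defaults only the alphabet-walking client is flagged; widening the window also catches the slower sweep.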
[...]