In this write-up we will show you how Seekurity team was able to harvest all the user’s private/custom activities leaves more than 20 million private custom activities data in danger.
First of all, this write-up is not a new one and the discovery itself is dated back to 2017 but we decided to disclose it right now after we gave Fitbit the reasonable amount of time to patch the vulnerability and to protect the health data about the users!
Continue reading “Fitbit – APIs and Access Control Failures, a simple API bug allowed to harvest millions of user private activities!”
Hi Guys, Today i would like to show you how a single misconfiguration issue would jeopardize the user’s privacy if maliciously exploited hence hijack user “access_token” from Microsoft Office360 facebook App. Microsoft decided that this Office365 facebook app is NOT under their Microsoft Online Services bug bounty scope although we proved that our discovered bug can result in stealing Microsoft Office facebook App Access Token and that’s due to a misconfiguration in Microsoft Office Facebook App itself.
Continue reading “Hijacking User’s Private Information access_token from Microsoft Office360 facebook App”