Details of Clinkle Employees Leaked Through Vulnerable


Clinkle hacked

Payment service Clinkle hasn’t been officially launched yet, but tens of millions of dollars have been invested in the company and some big names have come on board. However, someone already claims to have hacked Clinkle.

An unknown individual has published on Pastebin the names, user IDs, photo URLs and phone numbers of Clinkle employees, including the details of the company’s founder, Lucas Duplan, its CFO, Mike Liberatore, and COO Barry McCarthy.

“Results from Clinkle typeahead API. It requires no authentication. The app stores writes results to disk automatically. This is much worse than Snapchat’s breach. Phone numbers masked as courtesy,” the hacker wrote next to the leaked data.

TechCrunch explains that this particular API, which is similar to one used by Twitter, is sort of an autocomplete tool. When users type a certain letter, all usernames starting with that letter are displayed.

By using a vulnerability in the API, the hacker has been able to gain access to information on the Clinkle employees who have been testing the app.

Clinkle representatives believe that a Stanford student is most likely behind the hack. It’s worth noting that Clinkle was actually founded in 2011 by a group of Stanford students.

“You’re describing visibility that was purposefully built into the system as part of our preliminary user testing and was always intended to be turned off,” Clinkle has told TechCrunch.

“As you can see from the list, we’ve been testing internally and registrations have been limited to Clinkle employees. We were using an open API, which has now been closed. That said, only names, phone numbers, photos, and Clinkle unique IDs were accessible.”

Since Clinkle only allows a select few to register accounts, there probably isn’t too much user information that could become compromised. However, security should always be a priority for payment processors.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s