zlacker

1. losved+(OP) 2018-09-28 17:06:19
I wonder where the "50M users" estimate comes from. It seems like the feature that caused it, "View As", is probably available to more than that many people. Does this mean that they managed to trace the attacker capturing the access tokens of 50M users? Even allowing for the bug in the first place, it seems like exploiting it should be detected before 50M uses.
replies(2): >>moltar+i >>crypto+ec
2. moltar+i 2018-09-28 17:08:31
>>losved+(OP)
Probably they have stats on how many people actually used the feature.
replies(1): >>tlobes+s4
3. tlobes+s4 2018-09-28 17:35:34
>>moltar+i
Most likely this. I have a few dev accounts, one which I know I used the feature at some point, another few which did not and those were not reset.
4. crypto+ec 2018-09-28 18:25:54
>>losved+(OP)
They have different versions of code base deployed to different areas of the world all the time. They can reduce the user base number based on where the code was deployed and how much is the usage.