<div dir="ltr"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><a href="https://techcrunch.com/2017/05/19/twitter-says-vine-users-emails-and-phone-numbers-were-exposed-for-a-day-but-werent-misused/">https://techcrunch.com/2017/05/19/twitter-says-vine-users-emails-and-phone-numbers-were-exposed-for-a-day-but-werent-misused/</a></div><div dir="ltr"><br></div><div dir="ltr"><p id="gmail-speakable-summary" style="box-sizing:border-box;margin:0px 0px 1em;padding:0px;color:rgb(62,67,62);font-family:"Open Sans",HelveticaNeue,Helvetica,Arial,sans-serif;font-size:16px;background-color:rgb(249,249,249)">Twitter is <a target="_blank" href="https://medium.com/@vine/fixing-a-bug-in-the-vine-archive-47385e44ac2" style="box-sizing:border-box;color:rgb(8,158,0);text-decoration-line:none;outline:0px">alerting</a> Vine users of a bug that exposed their email addresses and, in some cases, phone numbers to third parties. It’s also advising affected users to be cautious about any emails from unknown senders as a result. The company says the bug was only active for 24 hours before being patched, and doesn’t believe that the data was misused in any way, at this time.</p><p style="box-sizing:border-box;margin:0px 0px 1em;padding:0px;color:rgb(62,67,62);font-family:"Open Sans",HelveticaNeue,Helvetica,Arial,sans-serif;font-size:16px;background-color:rgb(249,249,249)">To be clear, Twitter was not hacked nor is this considered a data breach – instead, the email address or phone number the company had on file for some Vine users was only available under certain circumstances, the company says.</p><p style="box-sizing:border-box;margin:0px 0px 1em;padding:0px;color:rgb(62,67,62);font-family:"Open Sans",HelveticaNeue,Helvetica,Arial,sans-serif;font-size:16px;background-color:rgb(249,249,249)">The company declined to officially comment on the specifics of how the bug was discovered or how it may have been seen by third parties, but we understand that this data was not published on the Vine archive website where anyone on the public internet could have seen it. Instead, if anyone was to have seen the data at the time of exposure, they would have had to do so through a more technical means – such as using an API to pull the information.</p><p style="box-sizing:border-box;margin:0px 0px 1em;padding:0px;color:rgb(62,67,62);font-family:"Open Sans",HelveticaNeue,Helvetica,Arial,sans-serif;font-size:16px;background-color:rgb(249,249,249)">Twitter is only alerting users out of a desire to be transparent in disclosing the vulnerability, not because they believe that anyone actually captured the user data or misused it in any way.</p><p style="box-sizing:border-box;margin:0px 0px 1em;padding:0px;color:rgb(62,67,62);font-family:"Open Sans",HelveticaNeue,Helvetica,Arial,sans-serif;font-size:16px;background-color:rgb(249,249,249)"><img class="gmail-aligncenter gmail-size-large gmail-wp-image-1493526" src="https://tctechcrunch2011.files.wordpress.com/2017/05/screen-shot-2017-05-19-at-1-32-48-pm.png?w=545&h=680" alt="" width="545" height="680" style="box-sizing: content-box; max-width: 100%; height: auto; border: 1px solid rgb(213, 213, 213); display: block; clear: both; margin: 0px auto;"></p><p style="box-sizing:border-box;margin:0px 0px 1em;padding:0px;color:rgb(62,67,62);font-family:"Open Sans",HelveticaNeue,Helvetica,Arial,sans-serif;font-size:16px;background-color:rgb(249,249,249)">In addition, Twitter says that the exposed emails or phone numbers would not have allowed a third party to access someone’s Vine account because passwords were not exposed as a part of this incident.</p><p style="box-sizing:border-box;margin:0px 0px 1em;padding:0px;color:rgb(62,67,62);font-family:"Open Sans",HelveticaNeue,Helvetica,Arial,sans-serif;font-size:16px;background-color:rgb(249,249,249)">Emails are now going out to affected users, and will be personalized in terms of whether the user had only their email, only their phone number, or both exposed during the time the vulnerability was live.</p><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(62,67,62);font-family:"Open Sans",HelveticaNeue,Helvetica,Arial,sans-serif;font-size:16px;background-color:rgb(249,249,249)"></div><p style="box-sizing:border-box;margin:0px 0px 1em;padding:0px;color:rgb(62,67,62);font-family:"Open Sans",HelveticaNeue,Helvetica,Arial,sans-serif;font-size:16px;background-color:rgb(249,249,249)">Twitter declined to how many users or what percentage of the Vine user base was impacted.</p><p style="box-sizing:border-box;margin:0px 0px 1em;padding:0px;color:rgb(62,67,62);font-family:"Open Sans",HelveticaNeue,Helvetica,Arial,sans-serif;font-size:16px;background-color:rgb(249,249,249)">We understand that this issue would <em style="box-sizing:border-box">not</em> have affected Twitter users who didn’t also have Vine accounts, though.</p><p style="box-sizing:border-box;margin:0px 0px 1em;padding:0px;color:rgb(62,67,62);font-family:"Open Sans",HelveticaNeue,Helvetica,Arial,sans-serif;font-size:16px;background-color:rgb(249,249,249)"></p><p style="box-sizing:border-box;margin:0px 0px 1em;padding:0px;color:rgb(62,67,62);font-family:"Open Sans",HelveticaNeue,Helvetica,Arial,sans-serif;font-size:16px;background-color:rgb(249,249,249)">Once a fairly popular social app, Vine was <a target="_blank" href="https://techcrunch.com/2017/01/17/vine-is-shutting-down-today-so-dont-forget-to-export-your-videos/" style="box-sizing:border-box;color:rgb(8,158,0);text-decoration-line:none;outline:0px">effectively shut down</a> at the beginning of the year, but the company continues to maintain <a target="_blank" href="https://techcrunch.com/2017/01/20/twitter-just-cant-let-go-of-vine-launches-an-online-archive/" style="box-sizing:border-box;color:rgb(8,158,0);text-decoration-line:none;outline:0px">an online archive of Vine videos</a> and a basic utility for those users who want to still make short, looping video clips.</p><p style="box-sizing:border-box;margin:0px 0px 1em;padding:0px;color:rgb(62,67,62);font-family:"Open Sans",HelveticaNeue,Helvetica,Arial,sans-serif;font-size:16px;background-color:rgb(249,249,249)">However, the fact that these resources remain online even when Vine is no longer a priority for the company means there’s still potential for things like this security incident to occur. Despite Twitter’s obvious interest in keeping the archive available for the Vine users and fandom, it may have been better for Twitter to have fully shuttered the site so engineering resources wouldn’t have to be diverted to its ongoing maintenance.</p><p style="box-sizing:border-box;margin:0px 0px 1em;padding:0px;color:rgb(62,67,62);font-family:"Open Sans",HelveticaNeue,Helvetica,Arial,sans-serif;font-size:16px;background-color:rgb(249,249,249)">Twitter says users do not need to reset passwords on their Vine accounts, but should be aware that any official communications from Vine will come from an @<a href="http://twitter.com">twitter.com</a> email address. Twitter will also never ask you via email to open an attachment or request your password, it says.</p><div><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><b><span style="font-size:10pt"></span></b><span style="font-size:10pt"></span><span style="font-family:arial,helvetica,sans-serif"></span><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>