paganinip posts:
Security researcher Dan Melamed has found a serious Pinterest Exploit that exposed user’s information of over 70 Million accounts.
The security researcher Dan Melamed has found a Critical Pinterest Exploit that compromised the privacy of over 70 Million Users, the flaw allows hackers to view the email address of any user on Pinterest.
Dan has found the way to access to the information belonging to the owner of the Access token, as the researcher has shown it is possible to display them visiting the following URL.https://api.pinterest.com/v3/users/me/?access_token=
Substituting the “/me/” part of the link with the username of another Pinterest user it is possible to view its email address.
Read more on SecurityAffairs.co. The exploit has already been patched, and it sounds like Pinterest responded appropriately to notification of the problem.