A user on the Twitter alternative Spoutible has accused the company of deleting their posts after pressing Spoutible CEO Christopher Bouzy for more transparency regarding its recent security issue. These claims, which the company denies, add another layer of complexity to the ongoing security incident saga at the startup.
Key Takeaway
Spoutible’s security breach and the subsequent allegations of a smear campaign have raised concerns about the company’s handling of the situation and its impact on user trust and confidence.
Security Breach and Allegations
Last week, Bouzy acknowledged a security vulnerability that exposed users’ emails and phone numbers at his startup, which is positioned as a more inclusive and kinder Twitter. However, security researcher Troy Hunt discovered that Spoutible’s developer API also exposed information that could have been exploited by bad actors to take over users’ accounts without their knowledge.
Hunt’s findings revealed that the Spoutible API returned sensitive data, including the bcrypt hash of users’ passwords, 2FA secrets, and password reset tokens. This serious vulnerability impacted a significant portion of the smaller social network’s user base, as 207,000 user records were scraped from its misconfigured API.
CEO’s Response and Accusations
Bouzy confirmed the data breach and vulnerability, requiring users to create new, stronger passwords. However, he also referred to the vulnerability’s discovery as “an attack” on his network and alleged that the person who scraped the data was intent on harming Spoutible’s reputation.
In response to these allegations, Bouzy accused an online group known as “Doubtible” of being behind the attack, claiming that they had been spreading falsehoods about Spoutible and its community members. He further alleged that the security vulnerability arose due to a misconfiguration in the company’s API.
Community Response and Criticisms
Several individuals, including data journalist Dan Nguyen and other users, have criticized Bouzy for downplaying the severity of the vulnerability. There are also concerns about the company silencing its critics, with one user publicly accusing the CEO of deleting their posts on the platform.
Recovery and Future Outlook
The incident at Spoutible raises questions about the company’s ability to recover from this security breach and the subsequent allegations. Similar to another smaller company, Hive, which faced a major security issue, Spoutible’s reputation may face challenges in the aftermath of this incident.
