Yahoo has fixed a Flickr flaw that enabled anyone to access the entire contents of an invitation, which are sent by users to ask nonmembers to join the photo sharing service.
The bug, originally reported to Yahoo a couple of months ago by a user on Hacker One, a service that helps operate bug bounty programs, would lead to the compromise of information, including names, email addresses, and messages contained within the invite.
The bug worked by entering a specific URL, along with a unique identifying number for the invitation.
Yahoo initially responded by saying that the service was working properly and sensitive data was not being made available, but following disclosure of the bug, the internet corporation changed its tune and said it would remunerate the bug bounty hunter.
