Threat Management

Mastodon security increasingly scrutinized amid growing popularity

SecurityWeek reports that decentralized social media platform Mastodon has been drawing increased scrutiny from cybersecurity researchers as more Twitter users look to migrate to alternative sites following its acquisition by Elon Musk, which has resulted in significant changes that have adversely impacted Twitter's security. However, security vulnerabilities have also been discovered in Mastodon's "Infosec.exchange" instance, which many members of the cybersecurity community have joined, with a PortSwigger researcher identifying earlier this month a potential HTML injection flaw in the instance that could be leveraged for user credential theft. Infosec.exchange was also found by MinIO researcher Lenin Alevski to have a misconfiguration that could be exploited to allow the download of all server files. That issue has already been addressed by the instance's administrator, but Alevski also found other widely used Mastodon instances to be impacted by similar issues. Meanwhile, more than 150,000 users had their information scraped from an unprotected Mastodon database last week, according to researcher Anurag Sen.
