PII Exposure: The Data Heist You Never Knew Was Possible!
Summary
SMTP (Simple Mail Transfer Protocol) is used for email communications.
However, it can accidentally lead to the exposure of Personally Identifiable Information (PII), especially when misconfigured.
During a security research project, one investigator found that a subdomain contained signup functionality, and within it an SMTP conversation revealed a link to an API.
This API appeared to be from a third-party provider, which sent an email and text message to the user when registration was successful.
The third-party API was using a GET method, and the SMTP response revealed the API key, username, message sender’s name, template ID, and other PII.
The security researcher was able to use this interface to both send text messages and see passwords and other PII when they were logged in to the third-party site.
This reveals a potential method for hackers to obtain unauthorized access to text messages and personal data.
The article ends by encouraging readers to practice ethical hacking.
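
The exposure summarized above comes down to a GET URL with credentials in its query string showing up in text returned to the client. The following check is an added example, not code from the original article: it scans a response body or log text for such URLs and masks the sensitive values. The hostnames, parameter names and key value are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed parameter names that mark a credential or PII (not taken from the article).
SENSITIVE = {"apikey", "api_key", "key", "token", "password", "username", "to", "mobile"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample: a signup response that echoes the mail/SMS debug transcript.
SAMPLE_RESPONSE = (
    "220 mail.example.test ESMTP ready\n"
    "250 2.0.0 OK queued\n"
    "notify GET https://sms.example.test/send?apikey=CONSTRUCTED-KEY-123"
    "&username=demo&sender=Shop&templateid=42&to=0000000000\n"
)

def _split(raw):
    """Separate a matched URL from trailing sentence punctuation."""
    url = raw.rstrip(".,;)")
    return url, raw[len(url):]

def _sensitive_keys(url):
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [k for k, _ in pairs if k.lower() in SENSITIVE]

def find_leaky_urls(text):
    """Return (url, sensitive parameter names) for every URL carrying secrets in its query."""
    found = []
    for m in URL_RE.finditer(text):
        url, _ = _split(m.group(0))
        keys = _sensitive_keys(url)
        if keys:
            found.append((url, keys))
    return found

def redact(text):
    """Mask sensitive query values; URLs without sensitive parameters stay untouched."""
    def _sub(m):
        url, tail = _split(m.group(0))
        if not _sensitive_keys(url):
            return m.group(0)
        parts = urlsplit(url)
        pairs = [(k, "REDACTED" if k.lower() in SENSITIVE else v)
                 for k, v in parse_qsl(parts.query, keep_blank_values=True)]
        return urlunsplit(parts._replace(query=urlencode(pairs))) + tail
    return URL_RE.sub(_sub, text)

if __name__ == "__main__":
    for url, keys in find_leaky_urls(SAMPLE_RESPONSE):
        print("sensitive query parameters", keys, "in", url.split("?")[0])
    print(redact(SAMPLE_RESPONSE))
```

Run as a test over captured signup responses, or as a filter on anything echoed back to the client; a finding means the provider call should move server-side with the key kept out of the URL.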