SoundCloud repairs API-related security snafus after Checkmarx research
Online audio distribution platform and music sharing website SoundCloud has fixed several security vulnerabilities in its API that could otherwise have allowed hackers to take over accounts, launch denial-of-service attacks, and exploit the service.
All weaknesses were found in an investigation conducted by the Checkmarx Security Research team to study the state of API security in leading online platforms.
Vulnerabilities found in SoundCloud’s API were responsibly disclosed by the Checkmarx team to the company, which they said had acted in a ‘very cooperative’ fashion.
Checkmarx security researcher Paulo Silva said: “We have no hint of attackers exploiting these vulnerabilities directly. Nevertheless, we found evidence of past incidents that could have been caused by a Broken Authentication issue exploitation.
“Having SoundCloud users as a target, broken authentication and user enumeration could have been used together to take control of user accounts,” Silva added. “Unfortunately, industry-wide incidents that expose user data, such as usernames and passwords, are quite common, making leaked data generally available.”
Earlier this week, SoundCloud raised $75 million (£58m) in funding from satellite radio giant SiriusXM, which also has an ad partnership with SoundCloud. The raised money would be used towards product development and launching new services.
You can read the full Checkmarx analysis by visiting here.