SoundCloud repairs API-related security snafus after Checkmarx research

SoundCloud repairs API-related security snafus after Checkmarx research Developer is a hub for the latest news, blogs, comment, strategy and advice from leading brands and experts across the apps industry. It provides a free, practical resource that aims to help developers negotiate the industry, access top level advice and ensure they are able to negotiate the industry as effectively and profitably as possible.

Online audio distribution platform and music sharing website SoundCloud has fixed several security vulnerabilities affecting its API that could have otherwise resulted in hackers taking over accounts, launching denial of service attacks, and exploiting the service.

All weaknesses were found in an investigation conducted by the Checkmarx Security Research team to study the state of API security in leading online platforms.

Vulnerabilities found in SoundCloud’s API were responsibly disclosed by the Checkmarx team to the company, which they said had acted in a ‘very cooperative’ fashion.

Checkmarx security researcher Paulo Silva said: “We have no hint of attackers exploiting these vulnerabilities directly. Nevertheless, we found evidence of past incidents that could have been caused by a Broken Authentication issue exploitation.

“Having SoundCloud users as a target, broken authentication and user enumeration could have been used together to take control of user accounts,” Silva added. “Unfortunately, industry-wide incidents that expose user data, such as usernames and passwords, are quite common, making leaked data generally available.”

Earlier this week, SoundCloud raised $75 million (£58m) in funding from satellite radio giant SiriusXM, which also has an ad partnership with SoundCloud. The raised money would be used towards product development and launching new services.

You can read the full Checkmarx analysis by visiting here.

Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located 5G ExpoIoT Tech Expo, Blockchain Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London, and Amsterdam.

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *