Russian hackers were able to get access to the accounts of many users.
Alexander Grebenshikov and Leo Loktionov, information security specialists told about the presence of a dangerous gap in the Yo messenger. Experts said that if you update the account login application, the system sends a confirmation code to the mobile number by default, without making sure that it really belongs to the owner of the account.
Information security experts explained that on the Yo Password Reset page, one may write any user‘s name and get a link to change the password, by using and entering your own phone number.
Alexander Grebenshikov noticed this kind of vulnerability, while Leo Loktionov found a way with the help of which one may get account using the panel of service creators.
Therefore, while using Yo application, experts have managed to send messages from strange accounts. In addition, they got to the personal account of Elija Chekalskiy, the technical director of TJOURNAL; after this the magazine stopped using the application which was used in order to distribute messages about the latest news.
However Russian hackers couldn't get access to telephone books as at the subsequent logging, messenger doesn’t keep the list of contacts. TJOURNAL employees informed the owners of the Yo application about the found vulnerability, but the leadership of the messenger has not commented on the situation.
Axarhöfði 14,
110 Reykjavik, Iceland