A vigilant organization can fight problems at the very first sights. This helps them avoid a lot of damage at the right time. Something like this happened on the 22nd September 2020 with the popular video messaging application, Loom. SecureLayer7 came across a account takeover vulnerability while performing a pentest on different applications for Loom.
They immediately reported the organization of the same. Loom not only resolved the vulnerability but also did so before it could cause any damage.
What was the nature of the account takeover vulnerability?
The vulnerability if exploited would have made it possible for the attackers to cause a man-in-the-middle attack. This would have given them access to someone’s Loom account putting their privacy & data in jeopardy. Thankfully, on inspection of their server logs, Loom realized that no breach has occurred yet & no user’s data has been compromised either. The company realized there was a vulnerability at the right time before anything could go wrong.
In order to make things better, Loom is making every effort possible to ensure the vulnerability is fixed soon. Loom has taken quite a conservative approach towards fixing the vulnerabilities. They have done a force logout & password reset for some user accounts that might have been at risk. This is just a way for them to ensure that the vulnerability is still not exploited.
An appreciable effort
The Loom is also taking efforts towards safeguarding their users from similar vulnerabilities in the future. They are using factors like internal processes, code and tests to ensure a similar incident is not repeated in the time to come.
#SecureLayer7 did an outstanding job at recognizing & identifying the vulnerability on time. Similarly, Loom also dealt with it in a decent way. It is with organizations like Loom that the users feel their trust is placed right. Though many organizations are under the risk of attack today, it matters how they deal with the scenario.