The cause of a data leak at Mastodon was not an external intrusion, but an insufficient configuration of the Mastodon server for storing user data. This made it theoretically possible for every user of the service to view the data uploaded to files.mastodon.social. Mastodon discovered the bug on February 24th and closed it within 30 minutes. However, the leak had existed since the beginning of February because the infrastructure had been upgraded at the time, the provider writes in an e-mail.
no comments