{"id":39344,"date":"2021-01-28T13:51:30","date_gmt":"2021-01-28T13:51:30","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/31967\/New-Social-Media-Site-Pillowfort-Is-Riddled-With-Basic-Bugs.html"},"modified":"2021-01-28T13:51:30","modified_gmt":"2021-01-28T13:51:30","slug":"new-social-media-site-pillowfort-is-riddled-with-basic-bugs","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/new-social-media-site-pillowfort-is-riddled-with-basic-bugs\/","title":{"rendered":"New Social Media Site Pillowfort Is Riddled With Basic Bugs"},"content":{"rendered":"
\n
\"IMG_1496\"<\/picture><\/div>\n

Image: Cathryn Virginia\/VICE<\/p>\n<\/div>\n

<\/p>\n

A new highly anticipated social media website is full of “silly” and “old-school” bugs that allow users to exploit other users on the website using HTML code in usernames and posts, according to several people who are sharing the exploits on Twitter.<\/p>\n

<\/span><\/p>\n

Pillowfort, a new Tumblr-like social media site, announced<\/a> on Monday that it was now open to all users. Just a few hours later, several<\/a> users<\/a> noticed that they could mess with others just by including HTML code in their posts and usernames. On Tuesday afternoon, the company announced on Twitter<\/a> that it had taken the site offline “to enact some precautionary safety measures,” but did not directly address any of the seeming bugs.<\/p>\n

<\/span><\/p>\n

Another user<\/a> figured out that he could include the Sign Out link in an image HTML tag and force users to sign out just by viewing the post with the image.<\/p>\n

<\/span><\/p>\n

“Such a silly mistake,” Jane Manchun Wong, an independent security researcher, told Motherboard in an online chat. “It appears this website forgot to sanitize user input, which the website includes as part of the webpage, which could potentially allow cross-site scripting attack.” <\/p>\n

<\/span><\/p>\n

\n

Advertisement<\/p>\n<\/div>\n

<\/span><\/p>\n

Cross-site scripting attacks, or XSS, are common web vulnerabilities that allow attackers to execute code on a users’ browser or computer by injecting malicious code into the site. They are widely understood and there are simple and easy ways to prevent this kind of attacks if web developers follow best<\/a> practices<\/a>. <\/p>\n

<\/span><\/p>\n

“It\u2019s a very old-school attack,” Jim Manico, a former board member of the Open Web Application Security Project, told Motherboard in an online chat. “This is only possible because of insecure coding practices of a particular website.” <\/p>\n

<\/span><\/p>\n

A Pillowfort spokesperson said in an email on Tuesday afternoon that the company was working on fixing the issues.<\/p>\n

<\/span><\/p>\n

\u201cOur team pushed out a fix for the “\/signout” link exploit the first user found. We are confident it was a one-of-a-kind issue that does not represent any wide-scale problems in our infrastructure. Inserting various HTML elements into Froala, our post editor, are already allowed for post contents and our developer team already sanitized for unwanted HTML elements,\u201d the spokesperson said.<\/p>\n

<\/span><\/p>\n

\u201cFor the time being, we have temporarily taken Pillowfort offline to ensure that any potential bug concerns or security exploits are dealt with while also avoiding any compromise of our users’ accounts,\u201d the spokesperson wrote. \u201cBut we wanted to share, for transparency and to hopefully bring some ease of mind to those aware of the situation, that there was not any breach of data or personal information that occurred as part of the public launch. Additionally, we do not store credit card information of any kind on Pillowfort.\u201d<\/p>\n

<\/span><\/div>\n

READ MORE HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

READ MORE HERE…<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[9181],"class_list":["post-39344","post","type-post","status-publish","format-standard","hentry","category-cybersecurity-blogs","tag-headlinehackerprivacyflawsocial"],"yoast_head":"\nNew Social Media Site Pillowfort Is Riddled With Basic Bugs 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/new-social-media-site-pillowfort-is-riddled-with-basic-bugs\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Social Media Site Pillowfort Is Riddled With Basic Bugs 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/new-social-media-site-pillowfort-is-riddled-with-basic-bugs\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-01-28T13:51:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"432\" \/>\n\t<meta property=\"og:image:height\" content=\"435\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-social-media-site-pillowfort-is-riddled-with-basic-bugs\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-social-media-site-pillowfort-is-riddled-with-basic-bugs\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"New Social Media Site Pillowfort Is Riddled With Basic Bugs\",\"datePublished\":\"2021-01-28T13:51:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-social-media-site-pillowfort-is-riddled-with-basic-bugs\\\/\"},\"wordCount\":465,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"keywords\":[\"headline,hacker,privacy,flaw,social\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-social-media-site-pillowfort-is-riddled-with-basic-bugs\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-social-media-site-pillowfort-is-riddled-with-basic-bugs\\\/\",\"name\":\"New Social Media Site Pillowfort Is Riddled With Basic Bugs 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"datePublished\":\"2021-01-28T13:51:30+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-social-media-site-pillowfort-is-riddled-with-basic-bugs\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-social-media-site-pillowfort-is-riddled-with-basic-bugs\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-social-media-site-pillowfort-is-riddled-with-basic-bugs\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,privacy,flaw,social\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackerprivacyflawsocial\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"New Social Media Site Pillowfort Is Riddled With Basic Bugs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New Social Media Site Pillowfort Is Riddled With Basic Bugs 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/new-social-media-site-pillowfort-is-riddled-with-basic-bugs\/","og_locale":"en_US","og_type":"article","og_title":"New Social Media Site Pillowfort Is Riddled With Basic Bugs 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/new-social-media-site-pillowfort-is-riddled-with-basic-bugs\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-01-28T13:51:30+00:00","og_image":[{"width":432,"height":435,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/new-social-media-site-pillowfort-is-riddled-with-basic-bugs\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/new-social-media-site-pillowfort-is-riddled-with-basic-bugs\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"New Social Media Site Pillowfort Is Riddled With Basic Bugs","datePublished":"2021-01-28T13:51:30+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-social-media-site-pillowfort-is-riddled-with-basic-bugs\/"},"wordCount":465,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"keywords":["headline,hacker,privacy,flaw,social"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/new-social-media-site-pillowfort-is-riddled-with-basic-bugs\/","url":"https:\/\/www.threatshub.org\/blog\/new-social-media-site-pillowfort-is-riddled-with-basic-bugs\/","name":"New Social Media Site Pillowfort Is Riddled With Basic Bugs 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"datePublished":"2021-01-28T13:51:30+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/new-social-media-site-pillowfort-is-riddled-with-basic-bugs\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/new-social-media-site-pillowfort-is-riddled-with-basic-bugs\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/new-social-media-site-pillowfort-is-riddled-with-basic-bugs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,privacy,flaw,social","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerprivacyflawsocial\/"},{"@type":"ListItem","position":3,"name":"New Social Media Site Pillowfort Is Riddled With Basic Bugs"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39344","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=39344"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39344\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=39344"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=39344"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=39344"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}