{"id":55275,"date":"2024-02-07T15:14:18","date_gmt":"2024-02-07T15:14:18","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/35501\/Spoutibles-API-Leaked-2FA-Seeds-Password-Reset-Tokens.html"},"modified":"2024-02-07T15:14:18","modified_gmt":"2024-02-07T15:14:18","slug":"spoutibles-api-leaked-2fa-seeds-password-reset-tokens","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\/","title":{"rendered":"Spoutible&#8217;s API Leaked 2FA Seeds, Password Reset Tokens"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2024\/02\/020624_data_leak.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Microblogging site Spoutible fixed an API flaw that leaked user data, including hashed passwords, password reset tokens and information that could be used to bypass two-factor authentication (2FA).<\/p>\n<p>Troy Hunt, a Microsoft Regional Director and MVP best known as the creator of data breach information website \u201cHave I Been Pwned?,\u201d first reported the flaw to Spoutible on Feb. 4 and the vulnerability was fixed a few hours later, <a href=\"https:\/\/www.troyhunt.com\/how-spoutibles-leaky-api-spurted-out-a-deluge-of-personal-data\/\" target=\"_blank\" rel=\"noreferrer noopener\">Hunt wrote on his blog Monday<\/a>.<\/p>\n<p>Hunt said the Spoutible flaw was brought to his attention last week by someone who sent him a file containing 207,000 records scraped from the site\u2019s API.<\/p>\n<p>Spoutible Founder and CEO Christopher Bouzy, who has <a href=\"https:\/\/twitter.com\/cbouzy\/status\/1753774671168688638\" target=\"_blank\" rel=\"noreferrer noopener\">previously promoted the platform as an alternative to X<\/a> (formerly known as Twitter), <a href=\"https:\/\/help.spoutible.com\/support\/solutions\/articles\/150000174284-important-security-update\" target=\"_blank\" rel=\"noreferrer noopener\">released a statement<\/a> Tuesday informing users about the data leak and how to secure their accounts.<\/p>\n<p>\u201cWe are taking this matter extremely seriously. We have already implemented additional security measures to prevent future incidents, and we will notify the appropriate authorities, including the FBI,\u201d Bouzy wrote.<\/p>\n<p>Spoutible users were advised to change their passwords, reset 2FA and continue to monitor their accounts for suspicious activity.<\/p>\n<h2>Spoutible API vulnerability could enable account takeover<\/h2>\n<p>Hunt outlined the Spoutible vulnerability in his blog post, expressing shock at the types of information available publicly via the API.<\/p>\n<p>In addition to email addresses, IP addresses and phone numbers (for users that linked a phone number to their account), the API leaked bcrypt hashed passwords, 2FA seeds, bcrypt hashed 2FA backup codes and password reset tokens.<\/p>\n<p>While the passwords and backup codes were not leaked in an unencrypted format, Hunt pointed out that bcrypt hashes are relatively easy to crack. He demonstrated this by <a href=\"https:\/\/x.com\/sundhaug92\/status\/1753977138133242028?s=20\" target=\"_blank\" rel=\"noreferrer noopener\">challenging his followers on X<\/a> to decrypt the hash of a six-digit 2FA backup code, which one of his followers successfully did in under three minutes. &nbsp;<\/p>\n<p>Hunt also noted that Spoutible has few requirements for password strength, only mandating that passwords be between six and 20 characters.<\/p>\n<p>In addition, Hunt demonstrated how the 2FA seeds, or \u201c2fa_secret\u201d field items, leaked by the API could be used to generate a one-time password as a second factor. With this information, along with the 2FA backup code, even accounts with 2FA activated were vulnerable to takeover.<\/p>\n<p>Lastly, the password reset token exposed by the API would enable anyone to take over an account completely just by changing the account password. Users would not receive an email informing them their password was changed, nor was there a way for them to view all the logged in sessions on their account, Hunt wrote.<\/p>\n<p>In addition to reporting the issue to Sproutible, Hunt added all 207,000 of the scraped email addresses sent to him to the searchable breach database at \u201cHave I Been Pwned?\u201d<\/p>\n<h2>Spoutible CEO defends platform, alleges \u2018malicious\u2019 data scraping<\/h2>\n<p>Hunt praised Spoutible for its \u201cexcellent\u201d response time in fixing the flaw and said Bouzy\u2019s communication with him regarding the data leak was \u201ccommendable.\u201d<\/p>\n<p>Many responses to <a href=\"https:\/\/spoutible.com\/thread\/27217040\" target=\"_blank\" rel=\"noreferrer noopener\">the security update<\/a> similarly praised the company and CEO\u2019s swift response, while some criticized the fact that Bouzy\u2019s statement only said \u201cemail addresses and some cell phone numbers\u201d were exposed. &nbsp;&nbsp;<\/p>\n<p>On his own Spoutible and X accounts, Bouzy defended the platform and <a href=\"https:\/\/spoutible.com\/thread\/27371172\" target=\"_blank\" rel=\"noreferrer noopener\">accused<\/a> the person who sent the scraped records to Hunt of conducting an \u201cattack\u201d on the site.<\/p>\n<p>\u201cAttacks by malicious actors on Spoutible are not an anomaly, mirroring incidents on established platforms like Twitter, Facebook, Instagram, and TikTok among many others, which have seen the leak of hundreds of millions of records despite their vast resources,\u201d Bouzy <a href=\"https:\/\/x.com\/cbouzy\/status\/1754902538438975835?s=20\" target=\"_blank\" rel=\"noreferrer noopener\">wrote on X<\/a>.<\/p>\n<p>He continued: \u201cThe distinct difference in Spoutible\u2019s case was our swift and decisive action\u2014rectifying the situation promptly and informing our users within a matter of hours, in start contrast to the delayed responses of days, weeks, months, or even years seen elsewhere.\u201d<\/p>\n<p>Bouzy also questioned the motives of the person who reached out to Hunt rather than contacting the site itself.<\/p>\n<p>\u201cA person doesn\u2019t need to scrape 200k+ accounts to reveal a vulnerability. They could\u2019ve easily contacted us and\/or Troy outlying the security flaw. So to suggest that the scraping of the data and giving it to Troy wasn\u2019t malicious is MAGA delusion,\u201d Bouzy <a href=\"https:\/\/spoutible.com\/thread\/27372474\" target=\"_blank\" rel=\"noreferrer noopener\">wrote on Spoutible<\/a>.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/35501\/Spoutibles-API-Leaked-2FA-Seeds-Password-Reset-Tokens.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":55276,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[10842],"class_list":["post-55275","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinedata-lossflawpasswordsocial"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Spoutible&#039;s API Leaked 2FA Seeds, Password Reset Tokens 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Spoutible&#039;s API Leaked 2FA Seeds, Password Reset Tokens 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-07T15:14:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2024\/02\/020624_data_leak.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Spoutible&#8217;s API Leaked 2FA Seeds, Password Reset Tokens\",\"datePublished\":\"2024-02-07T15:14:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\\\/\"},\"wordCount\":724,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens.jpg\",\"keywords\":[\"headline,data loss,flaw,password,social\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\\\/\",\"name\":\"Spoutible's API Leaked 2FA Seeds, Password Reset Tokens 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens.jpg\",\"datePublished\":\"2024-02-07T15:14:18+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens.jpg\",\"width\":1105,\"height\":700},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,data loss,flaw,password,social\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinedata-lossflawpasswordsocial\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Spoutible&#8217;s API Leaked 2FA Seeds, Password Reset Tokens\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Spoutible's API Leaked 2FA Seeds, Password Reset Tokens 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\/","og_locale":"en_US","og_type":"article","og_title":"Spoutible's API Leaked 2FA Seeds, Password Reset Tokens 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-02-07T15:14:18+00:00","og_image":[{"url":"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2024\/02\/020624_data_leak.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Spoutible&#8217;s API Leaked 2FA Seeds, Password Reset Tokens","datePublished":"2024-02-07T15:14:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\/"},"wordCount":724,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/02\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens.jpg","keywords":["headline,data loss,flaw,password,social"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\/","url":"https:\/\/www.threatshub.org\/blog\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\/","name":"Spoutible's API Leaked 2FA Seeds, Password Reset Tokens 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/02\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens.jpg","datePublished":"2024-02-07T15:14:18+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/02\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/02\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens.jpg","width":1105,"height":700},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/spoutibles-api-leaked-2fa-seeds-password-reset-tokens\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,data loss,flaw,password,social","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinedata-lossflawpasswordsocial\/"},{"@type":"ListItem","position":3,"name":"Spoutible&#8217;s API Leaked 2FA Seeds, Password Reset Tokens"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55275","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=55275"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55275\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/55276"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=55275"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=55275"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=55275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}