Social Media Take Over = Easy Money


If you are alive like me, you probably also enjoy the idea of easy money.

When I first started getting into bug bounty the complexity of some bugs scared me off from trying them so I did my best to figure out bugs that a scrub like myself could figure out. One of the bugs that came out of this effort was Social Media Take Over.

A quick check of a site’s footer for social media links has netted me over $20k in the last 5 years. Not too bad for 30 seconds worth of effort.

What is this?

It’s a gold mine.

1. Facebook: Check the broken link example:
https://www.facebook.com/StupidCompanySlug

To claim the slug on your personal account, visit
https://www.facebook.com/settings?tab=profile&section=username&view
and just put the slug in and save.

You can also claim custom slugs on a “business” page, but there are certain criteria to meet, like the page having a certain number of likes, etc.
Facebook also seems to change this page every other year, so be sure to look around if you are reading in 2030.

2. Twitter: Check the broken link example:
https://twitter.com/StupidCompanySlug

To claim the slug, merely create a new Twitter account with the slug in place.

3. Instagram: Check the broken link example: https://www.instagram.com/StupidCompanySlug/

To claim the slug, visit:
https://www.instagram.com/accounts/edit/ and update the Username field and Save.

4. LinkedIn: Check the broken link example:
https://www.linkedin.com/company/stupid-company-slug/

To claim, you’ll need to create a company page.
https://www.linkedin.com/company/setup/new/
And you can claim the slug in the wizard setup.

LinkedIn takeovers are pretty rare, with one found in five years.

5. Pinterest: A little tougher, as there isn’t a “dead link” page. Visiting the broken link example:
https://www.pinterest.com/StupidCompanySlug

Redirects you to https://www.pinterest.com/ideas/

To claim a slug, visit: https://www.pinterest.com/settings#profile
Drop in the username and save.
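The footer check described for the five platforms above, written up as a small audit script so a security or brand team can run the same check over their own site before someone else does. This is an added example, not code from the original post. The footer HTML and the probe responses are constructed inline so the script runs offline; `live_probe` is an assumed replacement that uses `urllib` for real requests. The status-code rules are the ones the post states (a dead profile returns a not-found page, and an unclaimed Pinterest handle redirects to `/ideas/`); the platform host list and handle regexes are my own assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample footer HTML (not from the original post); the handles
# match the post's placeholder slug.
SAMPLE_FOOTER = """
<footer>
  <a href="https://www.facebook.com/StupidCompanySlug">Facebook</a>
  <a href="https://twitter.com/StupidCompanySlug">Twitter</a>
  <a href="https://www.instagram.com/StupidCompanySlug/">Instagram</a>
  <a href="https://www.linkedin.com/company/stupid-company-slug/">LinkedIn</a>
  <a href="https://www.pinterest.com/StupidCompanySlug">Pinterest</a>
  <a href="https://example.com/about">About</a>
</footer>
"""

# Assumed host -> platform mapping; "www." is stripped before lookup.
PLATFORM_HOSTS = {
    "facebook.com": "facebook",
    "twitter.com": "twitter",
    "instagram.com": "instagram",
    "linkedin.com": "linkedin",
    "pinterest.com": "pinterest",
}

# Assumed path shapes for a profile/company URL on each platform.
HANDLE_PATTERNS = {
    "facebook": re.compile(r"^/([A-Za-z0-9.]+)/?$"),
    "twitter": re.compile(r"^/([A-Za-z0-9_]+)/?$"),
    "instagram": re.compile(r"^/([A-Za-z0-9_.]+)/?$"),
    "linkedin": re.compile(r"^/company/([A-Za-z0-9-]+)/?$"),
    "pinterest": re.compile(r"^/([A-Za-z0-9_]+)/?$"),
}


def extract_social_links(html):
    """Return [(platform, handle, url)] for every social profile link in the HTML."""
    found = []
    for url in re.findall(r'href="([^"]+)"', html):
        parsed = urlparse(url)
        host = parsed.netloc.lower()
        if host.startswith("www."):
            host = host[4:]
        platform = PLATFORM_HOSTS.get(host)
        if platform is None:
            continue
        m = HANDLE_PATTERNS[platform].match(parsed.path)
        if m:
            found.append((platform, m.group(1), url))
    return found


def classify(platform, status, final_url):
    """Map a probe result to 'claimed', 'dangling' or 'unknown'.

    status is the final HTTP status after redirects and final_url is where the
    client ended up. Pinterest is the special case from the post: an unclaimed
    handle redirects to https://www.pinterest.com/ideas/ instead of returning 404.
    """
    if platform == "pinterest":
        if urlparse(final_url).path.rstrip("/") == "/ideas":
            return "dangling"
        return "claimed" if status == 200 else "unknown"
    if status == 404:
        return "dangling"
    if status == 200:
        return "claimed"
    return "unknown"


def audit(html, probe):
    """Run probe(url) -> (status, final_url) over each social link; return a verdict map."""
    report = {}
    for platform, handle, url in extract_social_links(html):
        status, final_url = probe(url)
        report[(platform, handle)] = classify(platform, status, final_url)
    return report


# Constructed probe results standing in for live HTTP requests (offline run).
FAKE_RESPONSES = {
    "https://www.facebook.com/StupidCompanySlug": (404, "https://www.facebook.com/StupidCompanySlug"),
    "https://twitter.com/StupidCompanySlug": (404, "https://twitter.com/StupidCompanySlug"),
    "https://www.instagram.com/StupidCompanySlug/": (200, "https://www.instagram.com/StupidCompanySlug/"),
    "https://www.linkedin.com/company/stupid-company-slug/": (200, "https://www.linkedin.com/company/stupid-company-slug/"),
    "https://www.pinterest.com/StupidCompanySlug": (200, "https://www.pinterest.com/ideas/"),
}


def fake_probe(url):
    return FAKE_RESPONSES.get(url, (0, url))


def live_probe(url, timeout=10):
    """Assumed real probe: follow redirects with urllib and report the final URL."""
    import urllib.error
    import urllib.request
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0 (footer-audit)"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.geturl()
    except urllib.error.HTTPError as e:
        return e.code, e.geturl()
    except urllib.error.URLError:
        return 0, url


if __name__ == "__main__":
    for (platform, handle), verdict in audit(SAMPLE_FOOTER, fake_probe).items():
        print(f"{platform:10} {handle:25} {verdict}")
```

Anything reported as `dangling` is a handle the organization links to but no longer controls, which is the finding the post reports; the fix on the defender side is to re-register the handle or remove the link. Treat the status-code rules as a first pass: some platforms serve a 200 and render the not-found message client-side, so a `claimed` verdict is worth confirming by looking at the page body.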

Some difficulties that can occur:
1. Big corps can “claim” names that disallow others from making slugs.
An example would be that it’s impossible to use “Uber” in any Instagram account slug. So even if you find a dormant social media account, you cannot claim the slug.
2. You can get strikes against your account. The time it takes for the security team to remediate is sometimes longer than the company’s social media team has patience for, and they will lodge a complaint with the platform that you are squatting on their account. So get it triaged and then release the slug, if you are using personal accounts.

Some impacts I’ve noted on my tickets that you can copy & paste:
PR damage, increased risk of phishing customers and employees.

Looking forward to people claiming “StupidCompanySlug” and ruining my examples.
