Experts Say Security Scanner Leaks Sensitive Data

The investigation also discovered that misconfigured security products submit every link they receive via email to urlscan.io as a public scan. A malicious actor may use the scan results to trigger password reset links for the compromised email addresses, capture the resulting URLs from the public scans, and use those links to take control of the accounts. The adversary can look up the specific services registered to the target email addresses on data breach reporting websites, like Have I Been Pwned, to increase the effectiveness of such an attack. Urlscan.io has urged users to “understand the different scan visibilities, review your own scans for non-public information, review your automated submission workflows, [and] enforce a maximum scan visibility for your account.” It has also added deletion rules that automatically discard previous and upcoming scans matching specified search patterns. “This information could be used by spammers to collect email addresses and other personal information. It could be used by cyber criminals to take over accounts and run believable phishing campaigns,” said Bräunlein.
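The misconfiguration described above, automated tools forwarding every received link as a public scan, is best caught before submission. The following is an added example, not urlscan.io's code or anything from the article; the visibility labels mirror the public/unlisted/private levels urlscan.io documents, while the keyword lists and entropy threshold are assumptions chosen for illustration.

```python
"""Client-side visibility policy for automated URL submissions to a scanner.
Added example; the heuristics below are assumptions, not urlscan.io's rules."""
import math
import re
from urllib.parse import urlparse, parse_qs

# Path words typical of single-use or account-bound links (assumed list).
SENSITIVE_PATH = re.compile(
    r"(reset|verify|confirm|invite|unsubscribe|activate|token|login|signin)", re.I)
# Query keys that usually carry secrets or identities (assumed list).
SENSITIVE_KEYS = {"token", "code", "key", "apikey", "api_key", "sig",
                  "signature", "otp", "email", "user", "reset"}

def _entropy(s: str) -> float:
    """Shannon entropy in bits per character; random tokens score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))

def looks_like_secret(value: str) -> bool:
    """Long, high-entropy strings are treated as bearer-style secrets."""
    return len(value) >= 16 and _entropy(value) > 3.0

def sensitivity_reasons(url: str) -> list[str]:
    """Explain why a URL must not be scanned publicly (empty list = no concern)."""
    p = urlparse(url)
    reasons = []
    if SENSITIVE_PATH.search(p.path):
        reasons.append("sensitive path segment")
    for key, values in parse_qs(p.query, keep_blank_values=True).items():
        if key.lower() in SENSITIVE_KEYS:
            reasons.append(f"sensitive query key '{key}'")
        elif any("@" in v and "." in v for v in values):
            reasons.append(f"email address in '{key}'")
        elif any(looks_like_secret(v) for v in values):
            reasons.append(f"high-entropy value in '{key}'")
    if p.fragment and looks_like_secret(p.fragment):
        reasons.append("high-entropy fragment")
    return reasons

def choose_visibility(url: str, account_max: str = "unlisted") -> str:
    """Pick the scan visibility: never above the account ceiling, and private
    whenever the URL carries account-bound or secret-looking material."""
    order = ["private", "unlisted", "public"]
    level = "private" if sensitivity_reasons(url) else account_max
    return order[min(order.index(level), order.index(account_max))]
```

Run `sensitivity_reasons` on a sample of what your mail gateway actually forwards; any non-empty result is a link that would have been exposed under a public-by-default workflow.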

https://thehackernews.com/2022/11/experts-find-urlscan-security-scanner.html