Kardashian Website Security Issue Exposes Names, Emails Of Over Half A Million Subscribers, Payment Info Safe
by Sarah Perez (@sarahintampa) as written on TechCrunch.com
Alongside the launch of the Kardashian and Jenner mobile apps, which are now dominating the App Store after seeing hundreds of thousands of downloads apiece in their first days on the market, the celeb sisters also released new websites designed to help them better connect with their fans while offering a more personal look inside their lives.
However, one enterprising young developer dug around those websites and immediately found an issue. Due to a misconfiguration, he was able to access the full names and email addresses of over 600,000 users who signed up for Kylie Jenner’s website as well as pull similar user data from the other websites.
In addition, the developer said he had the ability to create and destroy users, photos, videos and more, though we understand he didn’t actually take those actions.
The developer in question, 19-year-old Alaxic Smith, had some interest in the celebrity biz already. As the co-founder of Communly, he’s been working on a mobile app that lets users connect with others who share their interests, including tracking new information about favorite celebs, for example.
On blogging site Medium, Smith explained how he was able to access the user data from Kylie Jenner’s website. He also noted that his explorations initially began as idle curiosity about what was powering the new sites under the hood, rather than being some malicious hack or even a more focused attempt at uncovering security vulnerabilities.
Smith then logged into the website with his own user name and password and was directed to a web page that contained the first and last names and email addresses of the 663,270 people who had signed up for the site, he says.
Following this discovery, Smith realized he could perform the same API call across each of the other sisters’ websites and return the same data. Besides being able to access this user data, Smith says he found he was also able to create and destroy users, photos and videos.
September 19, 2015