Thursday, September 17, 2015

Kardashian website security flaw exposes data for over 600,000 users

Source: http://www.engadget.com/2015/09/17/kardashian-websites-security-flaw/


The Kardashians' new mobile apps may be extremely popular, but the websites recently launched alongside those offerings had a major flaw. An open, unsecured API gave developer Alaxic Smith access to the names and email addresses of hundreds of thousands of subscribers when he poked around Kylie Jenner's site -- over 600,000 on that site alone. What's more, Smith discovered that the same API was used across the other sisters' sites, too. However, no payment info was accessible because the sites themselves don't handle any funds, leaving that up to app stores and third-party services.

Whalerock Industries, the company that runs both the Kardashian sites and apps, says that it was alerted to the issue just after launch and the API was "promptly closed." Whalerock also says that Smith, who authored a blog post on the whole thing, was only able to peruse "a limited set" of user info and that passwords and payment info weren't accessed. Smith has since pulled his post, and Whalerock is in the process of finding out just what he saw and whether he actually archived the findings. It turns out stumbling upon a security flaw and posting about it when some of the biggest celebs are involved could get you more than you bargained for.


Source: TechCrunch