Vulnerability Management

Kardashian websites exposed user data

Share

Social media websites blew up earlier this week when the Kardashian sisters launched their own line of apps and websites to provide fans with exclusive content.

On Kylie Jenner's app, for example, the teen star posts photos and blog entries, similar to those she posts on Snapchat or Instagram. While hundreds of thousands of people scrambled to purchase a subscription for the content, one developer, Alaxic Smith, explored the websites' buried code.

He found that for a brief period, all the websites exposed users' subscriber information, including their first names, last names and email addresses. Exploiting a flaw in one of the sites' APIs, Smith could also create or delete users, photos and videos, he wrote on a now-cached Medium post.

The website creator, Whalerock Industries, confirmed the breach and said it patched the open API. No one else exploited the flaw, the company said. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.