Kardashian websites exposed user data

The Kardashian and Jenner sisters launched websites and apps earlier this week, and one developer discovered an open API that exposed users' personal information.
The Kardashian and Jenner sisters launched websites and apps earlier this week, and one developer discovered an open API that exposed users' personal information.

Social media websites blew up earlier this week when the Kardashian sisters launched their own line of apps and websites to provide fans with exclusive content.

On Kylie Jenner's app, for example, the teen star posts photos and blog entries, similar to those she posts on Snapchat or Instagram. While hundreds of thousands of people scrambled to purchase a subscription for the content, one developer, Alaxic Smith, explored the websites' buried code.

He found that for a brief period, all the websites exposed users' subscriber information, including their first names, last names and email addresses. Exploiting a flaw in one of the sites' APIs, Smith could also create or delete users, photos and videos, he wrote on a now-cached Medium post.

The website creator, Whalerock Industries, confirmed the breach and said it patched the open API. No one else exploited the flaw, the company said. 

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS