Up to 800,000 users of Kardashian app may be at risk following password exposure
Fans of reality television’s favourite family may want to check their passwords following the news that an app dedicated to the Kardashian clan has been compromised.
Up to 800,000 users of an ‘exclusive’ app which promised to offer all the hottest and latest news Kim, Khloe and Kendall et al may be at risk.
That’s according to HotforSecurity, which found that one of the app’s users was able to access the names and email addresses of thousands of other subscribers.
Nineteen-year-old web developer Alaxic Smith, who said he downloaded the app ‘out of curiosity’, found that when he logged into the website dedicated to Kylie Jenner with his own username and password, he was able to access the names and email addresses of 663,270 of her signed-up fans.
Smith also found that the apps were designed with an open and unsecured API, meaning that he was able to create and destroy users, photos and videos. And this wasn’t just true of Kylie Jenner’s website, but also those of her siblings Kim Kardashian, Khloe Kardashian and Kendall Jenner.
Smith says he has reached out to Whalerock Digital Media, the firm behind the Kardashian clan’s apps, and advised them on the problem can be fixed. The company later told TechCrunch that it had closed its API, and that Smith was only able to access “a limited set of names and email addresses.”
“Our logs further indicate no one else had access and that no passwords nor payment data of any kind was exposed. Our highest priority is the security of our customers’ data,” Whalerock said.
The flaw marks the second time a Kardashian has put her fans at risk, after naked photos of Kim Kardashian were among those leaked in the celebrity iCloud photo scandal of last winter.
Are you a security pro? Try our quiz!