None of the Kardashians truly qualify as an everywoman, but that doesn't mean fans shouldn't be able to trust their favorite reality TV stars… Wait, no, models… Wait, no, stylists… Wait, no, app developers… Wait, no, sci-fi novelists… Wait, no, singers… Wait, no, former basketball wives… Wait, no, designers… Wait, no, wait.
When 19-year-old coder Alaxic Smith was perusing Kylie's site, he realized the Whalerock Industries developers left the API open, exposing the names and email addresses of 663,270 users.
The teen also noticed that the access he stumbled upon extended beyond Kylie's site, exposing the data of over 200,000 more users.
In a post on Medium, where Smith posted censored proof of his discovery, he wrote:
"I then noticed that I could do the same API call across each of the websites and return the same exact data for each site. I also had the ability to create/destroy users, photos, videos, and more… Should users trust not only their personal information but also payment information with these apps?"
Smith said he notified Whalerock, and the developers have since ordered him to remove the post, though it still exists in cached form.
According to the developers, users' payment data was never exposed, and the security gap has been addressed.
The most shocking part of this whole debacle, though, has to be the fact that the Kardashians do not do their own coding.