
Security issue on Kardashian website exposes users' payment info

One 19-year-old developer, Alaxic Smith, dug around those websites and found an issue.

The Kardashian and Jenner sisters launched their apps and websites a few days ago

In addition to launching Kardashian and Jenner mobile apps, the Kardashian and Jenner sisters also released new websites designed to help them connect better with their fans and offer more exclusive content.

However, one 19-year-old developer, Alaxic Smith, dug around those websites and found an issue. Because an API behind the sites answered requests without any authentication, he was able to access the full names and addresses of over 600,000 users who signed up for Kylie Jenner's website, along with similar data from the other sisters' websites.

Smith also said he had the ability to create and destroy user profiles, among other things, though TechCrunch reports that he did not take those actions.


The developer made the information known on the blogging site Medium, explaining how he was able to access the information on Jenner's website. He writes: “I’ll admit I downloaded Kylie’s app just to check it out. I also checked out the website, and just like most developers, I decided to take a look around to see what was powering the site. After I started digging a little bit deeper, I found a JavaScript file named kylie.min.75c4ceae105ad8689f88270895e77cb0_gz.js. Just for fun, I decided to un-minify this file to see what kind of data they were collecting from users and other metrics they may be tracking. I saw several calls to an API, which of course made sense. I popped one of those endpoints into my browser, and got an error just like I expected.”
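The step Smith describes, reading a site's JavaScript bundle to find the API it talks to, takes minutes to script. The following is an added example written for this article, not Smith's code and not anything from the site's operator. It runs a few regular expressions over a constructed, hypothetical minified bundle (the host api.example.invalid and the paths in it are placeholders) and lists each URL or path literal together with the HTTP method it can infer from the surrounding `fetch`, `$.ajax` or `axios` call, skipping static assets.

```python
"""List candidate API endpoints found in a minified JavaScript bundle.

Added example; not code from the original article or from the site it
describes. SAMPLE_BUNDLE is constructed for illustration and every host and
path in it is a placeholder, not a real endpoint.
"""
import re

# Constructed sample resembling a minified front-end bundle (hypothetical).
SAMPLE_BUNDLE = (
    'var a={base:"https://api.example.invalid/v1"};'
    'function b(n){return fetch(a.base+"/users/"+n,{credentials:"include"})}'
    'function c(){return fetch("/api/v1/users?limit=1000").then(r=>r.json())}'
    'function d(i){return fetch(a.base+"/users/"+i,{method:"DELETE"})}'
    '$.ajax({url:"/api/v1/signup",type:"POST",data:f});'
    'axios.post("https://api.example.invalid/v1/profiles",p);'
    'var img="https://cdn.example.invalid/logo.png";'
)

# Absolute URLs and quoted root-relative paths; the character class stops at
# quotes and parentheses so a literal ends where the string literal ends.
URL_RE = re.compile(r'https?://[A-Za-z0-9._~/?#@!$&*+,;=%-]+')
PATH_RE = re.compile(r'["\'](/[A-Za-z0-9._~/?#@!$&*+,;=%-]*)["\']')
# Method hints: an options object ({method:"DELETE"}, {type:"POST"}) after the
# literal, or an axios.<verb>( call immediately before it.
METHOD_RE = re.compile(r'(?:method|type)\s*:\s*["\']([A-Za-z]+)["\']')
AXIOS_RE = re.compile(r'axios\.(get|post|put|patch|delete)\s*\(\s*["\']$')
STATIC_EXT = ('.png', '.jpg', '.jpeg', '.gif', '.svg', '.css',
              '.js', '.woff', '.woff2', '.ico')


def infer_method(bundle, start, end):
    """Guess the HTTP verb for the literal at bundle[start:end]; default GET."""
    before = bundle[max(0, start - 40):start]
    m = AXIOS_RE.search(before)
    if m:
        return m.group(1).upper()
    # Only look as far as the closing parenthesis of the enclosing call, so a
    # method hint from the next call in the bundle is not picked up by mistake.
    close = bundle.find(')', end)
    after = bundle[end:close if close != -1 else len(bundle)]
    m = METHOD_RE.search(after)
    return m.group(1).upper() if m else 'GET'


def extract_endpoints(bundle):
    """Return a sorted list of (method, url_or_path) pairs, static assets removed."""
    found = set()
    for m in URL_RE.finditer(bundle):
        found.add((infer_method(bundle, m.start(), m.end()), m.group(0)))
    for m in PATH_RE.finditer(bundle):
        found.add((infer_method(bundle, m.start(1), m.end(1)), m.group(1)))
    return sorted(e for e in found if not e[1].lower().endswith(STATIC_EXT))


if __name__ == "__main__":
    for method, target in extract_endpoints(SAMPLE_BUNDLE):
        print(f"{method:7s} {target}")
```

The output is a to-do list for the next step, which is the one that matters: request each endpoint with no cookie or token and see whether it answers with data. Anything that does is exactly the condition the article goes on to describe.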

In short, Smith had found an open, unauthenticated API: the endpoints the site's own JavaScript called would answer anyone who sent them a request. Minification hides nothing, since any endpoint a page's script can reach is reachable by whoever reads the bundle, so the API itself has to authenticate every request and check that the caller is allowed to see or change the record in question. Because an exposure like this puts users' personal data, and potentially payment information, at risk, the company behind the sites and apps, Whalerock Industries, has said that Smith is now collaborating with it and that the problem has since been addressed.
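To make the distinction concrete, here is an added example, written for this article rather than taken from it or from the site's operator, showing the exposed pattern beside a hardened one. The records, the session tokens and the endpoint behaviour are all constructed; plain dicts stand in for HTTP requests, and the `get_user` and `delete_user` handlers are hypothetical names. The open handlers return every field of every record to any caller and let anyone delete a profile, which is the behaviour the article describes. The hardened handlers require a bearer token, show a full record only to its owner and a public subset to other signed-in users, and allow deletion only by the owner. Note that the hardened set deliberately has no bulk "list all users" endpoint at all: an end-user feature rarely needs one, and it is what turns a single-record leak into 600,000.

```python
"""Open API endpoints beside hardened ones.

Added example; not code from the original article or from the site's
operator. USERS and SESSIONS are constructed, the tokens are placeholders,
and request/response objects are plain dicts standing in for a framework.
"""
import copy
import hmac

# Constructed records; every value here is made up for the example.
USERS = {
    1: {"name": "Ada Example", "email": "ada@example.invalid", "address": "1 Test St"},
    2: {"name": "Bob Example", "email": "bob@example.invalid", "address": "2 Test Ave"},
}
# Constructed session table mapping bearer tokens to user ids (hypothetical).
SESSIONS = {"tok-ada-0001": 1, "tok-bob-0002": 2}
# Fields that another signed-in user may see on someone's profile.
PUBLIC_FIELDS = ("name",)


def fresh_store():
    """Private copy of the records so each call sequence starts clean."""
    return copy.deepcopy(USERS)


# --- Exposed pattern: endpoints that trust any caller -----------------------

def open_list_users(store, request):
    """Vulnerable: no authentication, every record with every field."""
    return 200, list(store.values())


def open_delete_user(store, request, user_id):
    """Vulnerable: whoever can reach the URL can destroy any profile."""
    store.pop(user_id, None)
    return 204, None


# --- Hardened pattern: authenticate, then authorise per record ------------

def authenticate(request):
    """Resolve the caller from an 'Authorization: Bearer <token>' header, or None."""
    header = request.get("headers", {}).get("Authorization", "")
    if not header.startswith("Bearer "):
        return None
    presented = header[len("Bearer "):]
    # Constant-time comparison against each stored token. A real service
    # would look up a hash of the token rather than scanning the table.
    for token, user_id in SESSIONS.items():
        if hmac.compare_digest(token, presented):
            return user_id
    return None


def get_user(store, request, user_id):
    """Owner sees the full record; any other signed-in user sees PUBLIC_FIELDS."""
    caller = authenticate(request)
    if caller is None:
        return 401, {"error": "authentication required"}
    record = store.get(user_id)
    if record is None:
        return 404, {"error": "not found"}
    if caller == user_id:
        return 200, dict(record)
    return 200, {k: record[k] for k in PUBLIC_FIELDS}


def delete_user(store, request, user_id):
    """Only the owner may delete; a missing record is reported like a forbidden one."""
    caller = authenticate(request)
    if caller is None:
        return 401, {"error": "authentication required"}
    if caller != user_id or user_id not in store:
        return 403, {"error": "forbidden"}
    del store[user_id]
    return 204, None


def run_demo():
    """Exercise both APIs against private copies of the store; return a summary."""
    ada = {"headers": {"Authorization": "Bearer tok-ada-0001"}}
    bob = {"headers": {"Authorization": "Bearer tok-bob-0002"}}
    anon, bad = {}, {"headers": {"Authorization": "Bearer tok-ada-9999"}}
    open_store, safe_store = fresh_store(), fresh_store()
    out = {}
    out["open_list"] = open_list_users(open_store, anon)        # 200, both full records
    open_delete_user(open_store, anon, 1)                        # anonymous delete succeeds
    out["open_left"] = sorted(open_store)                        # [2]
    out["anon_get"] = get_user(safe_store, anon, 1)[0]           # 401
    out["bad_token_get"] = get_user(safe_store, bad, 1)[0]       # 401
    out["owner_get"] = get_user(safe_store, ada, 1)[1]           # full record
    out["other_get"] = get_user(safe_store, bob, 1)[1]           # {"name": ...} only
    out["other_delete"] = delete_user(safe_store, bob, 1)[0]     # 403
    out["owner_delete"] = delete_user(safe_store, ada, 1)[0]     # 204
    out["safe_left"] = sorted(safe_store)                        # [2]
    return out


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key:14s} {value}")
```

The same test requests, sent to the live API, are the check a practitioner runs before launch: an unauthenticated call must get 401, a valid token for one account must not read or delete another, and a bad token must be indistinguishable from no token.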

“Shortly after launch we were alerted that there was an open API. It was promptly closed. Our logs indicate that the author of the blog post was able to access only a limited set of names and email addresses. Our logs further indicate no one else had access and that no passwords nor payment data of any kind was exposed. Our highest priority is the security of our customers’ data,” the company said in a statement.
