
Kardashian website security flaw exposes data for over 600,000 users

Billy Steele
September 17, 2015

The Kardashians' new mobile apps may be extremely popular, but the websites recently launched alongside those offerings had a major flaw. An open, unsecured API gave developer Alaxic Smith access to the names and email addresses of hundreds of thousands of subscribers when he poked around Kylie Jenner's site -- over 600,000 on that site alone. What's more, Smith discovered that the same API was used across the other sisters' sites, too. However, no payment info was accessible because the sites themselves don't handle any funds, leaving that up to app stores and third-party services.

Whalerock Industries, the company that runs both the Kardashian sites and apps, says that it was alerted to the issue just after launch and the API was "promptly closed." Whalerock also says that Smith, who authored a blog post on the whole thing, was only able to peruse "a limited set" of user info and that passwords and payment info weren't touched. Smith has since pulled his post, and Whalerock is in the process of finding out just what he saw and whether he actually archived the findings. It turns out that stumbling upon a security flaw and posting about it when some of the biggest celebs are involved could get you more than you bargained for.

[Image credit: James Devaney/GC Images]
