Latest in Arrest

Image credit:

'Photofucket' devs arrested for selling their pic-stealing app

25 Shares
Share
Tweet
Share
Save

Sponsored Links

Years before stolen pictures of celebs hit the internet in a massive bundle, news that Reddit posters were searching for private photos popped up under the term "fusking." As detailed by Buzzfeed in August of 2012, Reddit channels were dedicated to using a security flaw in Photobucket.com to search for pictures posted in private folders. If anyone on the internet knew (or could guess) a private photo's direct URL it was visible, and guessing the default filename of digital photos isn't very difficult. Today the US Department of Justice is announcing the arrest of two men for selling "Photofucket" software that it says stole guest passwords for protected albums and sought out those private pictures.

Brandon Bourret of Colorado and Athanasios Andrianakis of California are facing charges of "computer fraud and abuse, access device fraud, identification document fraud and wire fraud." Access device fraud carries the longest potential penalty, with up to ten years in federal prison and a $250k fine per count. According to the indictment (PDF), evidence against Bourret and Andrianakis includes emails they sent discussing exploits, customer service messages to Photofucket buyers, and Paypal transfers to fund the operation.

Back in 2012, many users of the picture sharing site -- who may have uploaded photos years earlier for sharing on early social networks like Myspace or Friendster -- had no idea that marking a folder private only hid the folder. At the time Photobucket announced that all new accounts would have their links scrambled by default, as well as an option to scramble links for existing users. It's unclear if that helped stem the tide of the hackers for those who even knew about it, and the originally revealed Reddit channels are marked private now. Investigation of the breach and the accounts that were accessed is ongoing, but if you have any old albums gathering dust it's probably well past time to up their protection or delete them entirely.

[Image credit: NetPhotos / Alamy]

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
25 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
AT&T reportedly considers offloading its DirecTV satellite unit

AT&T reportedly considers offloading its DirecTV satellite unit

View
T-Mobile’s Sprint merger is opposed by 18 state attorneys general

T-Mobile’s Sprint merger is opposed by 18 state attorneys general

View
HBO Max will revive 'The Boondocks' for a two-season run

HBO Max will revive 'The Boondocks' for a two-season run

View
Microsoft plans to bring broadband to 9 million more Americans

Microsoft plans to bring broadband to 9 million more Americans

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr