Latest in Arrest

Image credit:

'Photofucket' devs arrested for selling their pic-stealing app

25 Shares
Share
Tweet
Share
Save

Sponsored Links

Years before stolen pictures of celebs hit the internet in a massive bundle, news that Reddit posters were searching for private photos popped up under the term "fusking." As detailed by Buzzfeed in August of 2012, Reddit channels were dedicated to using a security flaw in Photobucket.com to search for pictures posted in private folders. If anyone on the internet knew (or could guess) a private photo's direct URL it was visible, and guessing the default filename of digital photos isn't very difficult. Today the US Department of Justice is announcing the arrest of two men for selling "Photofucket" software that it says stole guest passwords for protected albums and sought out those private pictures.

Brandon Bourret of Colorado and Athanasios Andrianakis of California are facing charges of "computer fraud and abuse, access device fraud, identification document fraud and wire fraud." Access device fraud carries the longest potential penalty, with up to ten years in federal prison and a $250k fine per count. According to the indictment (PDF), evidence against Bourret and Andrianakis includes emails they sent discussing exploits, customer service messages to Photofucket buyers, and Paypal transfers to fund the operation.

Back in 2012, many users of the picture sharing site -- who may have uploaded photos years earlier for sharing on early social networks like Myspace or Friendster -- had no idea that marking a folder private only hid the folder. At the time Photobucket announced that all new accounts would have their links scrambled by default, as well as an option to scramble links for existing users. It's unclear if that helped stem the tide of the hackers for those who even knew about it, and the originally revealed Reddit channels are marked private now. Investigation of the breach and the accounts that were accessed is ongoing, but if you have any old albums gathering dust it's probably well past time to up their protection or delete them entirely.

[Image credit: NetPhotos / Alamy]

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
25 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget’s guide to Home Entertainment

Engadget’s guide to Home Entertainment

View
The Panama Papers lawyers want to stop Netflix’s ‘The Laundromat’

The Panama Papers lawyers want to stop Netflix’s ‘The Laundromat’

View
Oppo’s Reno 2 has a 'sharkfin' pop-up camera and decent zoom on the cheap

Oppo’s Reno 2 has a 'sharkfin' pop-up camera and decent zoom on the cheap

View
Analogue's $200 Pocket could be the ultimate retro gaming portable

Analogue's $200 Pocket could be the ultimate retro gaming portable

View
Ang Lee chases cinema’s 120FPS future with ‘Gemini Man’

Ang Lee chases cinema’s 120FPS future with ‘Gemini Man’

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr