A web developer has exposed thousands of privacy flaw in the Kardashians’ new collection of apps and websites that leaves more than 890,000 fans’ personal data open to hackers.
Alaxic Smith published a blog post – which has since been deleted – with screengrabs showing how he accidentally came across names and email addresses of subscribers.
Beyond the security concerns, his foray into the Kardashian cyberworld, powered by Whalerock Digital Media, also revealed Kylie Jenner’s site is by far the most popular.
Smith, a teenage designer and engineer, wrote that he had finished a day of work on Monday when he heard the news that the Kardashian-Jenner family had launched a set of websites and apps with a pay-for-subscription service.
As he tried to work out what powered the incredibly popular sites, he found the API was open. In other words, he could put some basic code into his browser, and when he logged in was presented with streams of personal data.
‘I’ll admit it, I downloaded Kylie’s app just to check it out,’ he said in the blog post on Medium, which is now deleted but still available as a cached version.
‘I also checked out the website, and just like most developers, I decided to take a look around to see what was powering the site. I started digging a little bit deeper and found a JavaScript file named kylie.min.75c4ceae105ad8689f88270895e77cb0_gz.js.
‘Just for fun, I decided to un-minify this file to see what kind of data they were collecting from users and other metrics they may be tracking.’
Astonishingly, his digging exposed 891,340 subscribers’ information.
The stats showed that 663,270 of those users subscribed to Kylie Jenner’s personal site.
The second most popular sister is Khloe Kardashian, with 96,635 users.
Kim, often seen as the star of the clan, has 80,679 subscribers according to the data.
And Kendall had 50,756.
Kourtney's site is not yet live.
Smith has a theory about Kylie’s success as he reflects on the data. ‘Millennials want to be closer to their favorite people, artists, athletes and more than ever. There’s no coincidence that Kylie had ~828% more signups than Kim,’ he writes.
On a more serious note he writes that he reached out to Whalerock to make them aware of the issue, and remarked: 'It’s clear why this is a major issue, and raises the question: should users trust not only their personal information but also payment information with these apps?'
According to Motherboard, Smith was forced to delete his blog post and has been barred from speaking to the media.
credit
Post a Comment