The Kardashians' New Websites Might Have Exposed Nearly 1 Million Users' Data
Keeping up with the Kardashians may have just gotten a lot easier with the family's new ring of Kardashian-themed websites, but it turns out hackers could have also used the websites to keep up with anyone who signed up for them.
A network of four new Kardashian family websites (www.thekyliejenner.com, kimkardashianwest.com, kendallj.com and khloewithak.com) appears to have potentially exposed the full names and email addresses of 891,340 people, according to findings by young coder Alaxic Smith.
While digging around in a JavaScript file available on Kylie Jenner's website, Smith discovered that he was able to gain access to a file marked "User List" using only his own credentials.
"I now had access to the first names, last name, and email addresses of the 663,270 people who signed up for Kylie Jenner's website," Smith wrote in a now-deleted blog post for Medium, which Motherboard reports was "forced" offline by Whalerock Digital Media, the company that developed the sites.
"I then noticed that I could do the same API call across each of the websites and return the same exact data for each site. I also had the ability to create / destroy users, photos, videos, and more."
"It's clear why this is a major issue," he added, "and raises the question: should users trust not only their personal information but also payment information with these apps?"
Also of note, Smith wrote, is Kylie Jenner's immense popularity with web users. While Jenner had 663,270 signups, Kim Kardashian had just 80,679, putting her behind even Khloe Kardashian.
Last week, Kardashian was busy justifying the $2.99 monthly fee she charges for site access, noting it had a style section where users could learn more about replicating her iconic look. Payment information does not seem to have been exposed by the leak, and it's also unclear whether other people accessed the data while it was vulnerable.
While the scope of this particular breach is large, the Kardashians are far from the only content providers to fall victim to security holes in recent years. Hackers recently released the personal information of over 30 million users on Ashley Madison, a website where married people sought out affairs. In 2013, retailer Target was the victim of a massive data breach affecting 40 million customers' information, including payment info.
h/t Motherboard