The Kardashians' New Websites Might Have Exposed Nearly 1 Million Users' Data

The Kardashians' New Websites Might Have Exposed Nearly 1 Million Users' Data
Source: Getty Images
Source: Getty Images

Keeping up with the Kardashians may have just gotten a lot easier with the family's new ring of Kardashian-themed websites, but it turns out hackers could have also used the websites to keep up with anyone who signed up for them.

A network of four new Kardashian family websites (www.thekyliejenner.com, kimkardashianwest.com, kendallj.com and khloewithak.com) appears to have potentially exposed the full names and email addresses of 891,340 people, according to findings by young coder Alaxic Smith.

While digging around in a JavaScript file available on Kylie Jenner's website, Smith discovered that he was able to gain access to a file marked "User List" using only his own credentials.

"I now had access to the first names, last name, and email addresses of the 663,270 people who signed up for Kylie Jenner's website," Smith wrote in a now-deleted blog post for Medium, which Motherboard reports was "forced" offline by Whalerock Digital Media, the company that developed the sites.

"I then noticed that I could do the same API call across each of the websites and return the same exact data for each site. I also had the ability to create / destroy users, photos, videos, and more."

"It's clear why this is a major issue," he added, "and raises the question: should users trust not only their personal information but also payment information with these apps?"

Also of note, Smith wrote, is Kylie Jenner's immense popularity with web users. While Jenner had 663,270 signups, Kim Kardashian had just 80,679, putting her behind even Khloe Kardashian.

Last week, Kardashian was busy justifying the $2.99 monthly fee she charges for site access, noting it had a style section where users could learn more about replicating her iconic look. Payment information does not seem to have been exposed by the leak, and it's also unclear whether other people accessed the data while it was vulnerable.

While the scope of this particular breach is large, the Kardashians are far from the only content providers to fall victim to security holes in recent years. Hackers recently released the personal information of over 30 million users on Ashley Madison, a website where married people sought out affairs. In 2013, retailer Target was the victim of a massive data breach affecting 40 million customers' information, including payment info. 

h/t Motherboard

How much do you trust the information in this article?

Tom McKay

Tom is a staff writer at Mic, covering national politics, media, policing and the war on drugs. He is based in New York and can be reached at tmckay@mic.com.

MORE FROM

The six words that will make you sound smarter than all your friends when watching the eclipse

What is an umbra? How does the Saros cycle work? The total solar eclipse, explained.

Do you have little freckles in your eyes? This might be why.

Remember to protect your eyes.

The US desperately needs computer science majors, so keep coding

There are more than 500,000 computing jobs open in the US right now.

The 2017 solar eclipse will help scientists figure out just how much energy we get from the sun

Reflections are tricky things — as we'll learn when August's total solar eclipse hits.

No, Mars didn’t grow 12 more moons — here’s what’s happening in this stunning picture

Mars and the mysteriously multiplying moon.

Scooby-Doo’s real name isn’t Scoobert Doobert

It's time to call Scooby by his real name.

The six words that will make you sound smarter than all your friends when watching the eclipse

What is an umbra? How does the Saros cycle work? The total solar eclipse, explained.

Do you have little freckles in your eyes? This might be why.

Remember to protect your eyes.

The US desperately needs computer science majors, so keep coding

There are more than 500,000 computing jobs open in the US right now.

The 2017 solar eclipse will help scientists figure out just how much energy we get from the sun

Reflections are tricky things — as we'll learn when August's total solar eclipse hits.

No, Mars didn’t grow 12 more moons — here’s what’s happening in this stunning picture

Mars and the mysteriously multiplying moon.

Scooby-Doo’s real name isn’t Scoobert Doobert

It's time to call Scooby by his real name.