Kardashian-Jenner Websites Expose Nearly 900,000 User Names And Emails In Security Flaw
The new Kardashian-Jenner websites exposed nearly 900,000 user names and emails in a security flaw.
Kim Kardashian, Khloe Kardashian, Kendall Jenner, and Kylie Jenner all launched individual websites and apps earlier this week. (Kourtney Kardashian’s pair are still in the works.) The family has been promoting the services non-stop, and at times so many people have attempted to log on that the servers repeatedly crashed. The clan, however, has also been met with criticism for charging a monthly subscription fee for access to some “exclusive” content.
A bigger issue was revealed on Wednesday, though. A 19-year-old developer, Alaxic Smith, uncovered a massive security flaw after signing up for Kylie’s website. Smith found an error in the coding that allowed him to access unsecured API data, specifically the user names, full names, and email addresses of the more than 600,000 people who have signed up for Kylie’s site. After discovering the issue, he realized the same problem existed on Kim, Khloe, and Kendall’s sites, adding hundreds of thousands more people to the list of subscribers whose personal information was available on the web to anyone smart enough to figure it out.
Smith wrote a blog post for Medium about the issue, explaining that he went digging out of curiosity and found the sites were so unprotected that he could have deleted or created content if he wanted. The number of individual users at risk totaled 891,240. Concerned, Smith questioned, “Should users trust not only their personal information, but also payment information with these apps?” But the company supporting the Kardashian-Jenners in their new endeavor insists there is nothing to worry about.
In a statement, a spokesperson for Whalerock Industries says, “Shortly after launch we were alerted that there was an open API. It was promptly closed. Our logs indicate that the author of the blog post was able to access only a limited set of names and email addresses. Our logs further indicate no one else had access and that no passwords nor payment data of any kind was exposed. Our highest priority is the security of our customers’ data.”
What’s more, Smith has since taken down his blog post. An investigation into his own actions and the issue in general is ongoing.