New Kardashian, Jenner websites have security flaws: released thousands of subscribers' personal data

The New Kardashian and Jenner Websites Exposed the Data of Nearly 900,000 Users

Business Insider
Analyzing the top news stories across the web
Sept. 17 2015 2:44 PM

Kiss your personal data goodbye.

Photo by TIMOTHY A. CLARY/AFP/Getty Images

This post originally appeared on Business Insider.

The new Kardashian and Jenner apps have been taking over the App Store like a rampaging army, with Kylie Jenner's app rocketing to the No. 1 spot.

Both the Kardashians and Jenners also released their own personal websites to go along with their new apps, but a security flaw has reportedly exposed the personal information of the first 891,240 users, according to TechCrunch. The information includes first and last names, as well as email addresses.

A developer named Alaxic Smith discovered the security bug by poking around on the Kardashian and Jenner websites (associated with the apps), according to Fortune. He found an unsecured part of the site, which contained partial login information for all app users.

“Initially, I thought that this was some page filled with dummy data, but as I started to look closer, I realized it wasn’t,” he wrote on Medium. (The post has since been taken down.) “I now had access to the first names, last names, and email addresses of the 663,270 people who signed up for Kylie Jenner’s website.” He also found he could create or destroy users' photos and videos, he wrote.

Smith then confirmed that all the sisters' sites, which were made by Whalerock Industries, had the same flaw. The company has since addressed the problem and issued this statement to TechCrunch:

Shortly after launch we were alerted that there was an open API. It was promptly closed. Our logs indicate that the author of the blog post was able to access only a limited set of names and email addresses. Our logs further indicate no one else had access and that no passwords nor payment data of any kind was exposed. Our highest priority is the security of our customers’ data.