This post originally appeared on Business Insider.
The new Kardashian and Jenner apps have been taking over the App Store like a rampaging army, with Kylie Jenner’s app rocketing to the No. 1 spot.
Both the Kardashians and Jenners also released their own personal websites to go along with their new apps, but a security flaw has reportedly exposed the personal information of all the first 891,240 users, according to TechCrunch. The information includes first and last names, as well as email addresses.
A developer named Alaxic Smith discovered the security bug by poking around on the Kardashian and Jenner websites (associated with the apps), according to Fortune. He found an unsecure part of the site, which contained partial login information for all app users.
“Initially, I thought that this was some page filled with dummy data, but as I started to look closer, I realized it wasn’t,” he wrote on Medium. (The post has since been taken down.) “I now had access to the first names, last names, and email addresses of the 663,270 people who signed up for Kylie Jenner’s website.” He also found he could create or destroy users’ photos and videos, he wrote.
Smith then confirmed that all the sisters’ sites, which were made by Whalerock Industries, had the same flaw. The company has since addressed the problem and issued this statement to TechCrunch:
Shortly after launch we were alerted that there was an open Api. It was promptly closed. Our logs indicate that the author of the blog post was able to access only a limited set of names and email addresses. Our logs further indicate no one else had access and that no passwords nor payment data of any kind was exposed. Our highest priority is the security of our customers’ data.
See also: A Computer Glitch Has Grounded American Airlines Flights at Several Major Airports
