Those new Kardashian and Jenner websites just exposed the personal data from nearly 900,000 subscribers
Both the Kardashians and Jenners also released their own personal websites to go along with their new apps, but a security flaw has reportedly exposed the personal information of all the first 891,240 users, according to TechCrunch. The information includes first and last names, as well as email addresses.
A developer named Alaxic Smith discovered the security bug by poking around on the Kardashian and Jenner websites (associated with the apps), according to Fortune. He found an unsecure part of the site which contained partial login information for all app users.
"Initially, I thought that this was some page filled with dummy data, but as I started to look closer, I realized it wasn't," he wrote on Medium (the post has since been taken down). "I now had access to the first names, last names, and email addresses of the 663,270 people who signed up for Kylie Jenner's website." He also found he could create or destroy users' photos and videos, he wrote.
Smith then confirmed that all the sisters' sites, which were made by Whalerock Industries, had the same flaw. The company has since addressed the issue, and issued this statement to TechCrunch:
Shortly after launch we were alerted that there was an open Api. It was promptly closed. Our logs indicate that the author of the blog post was able to access only a limited set of names and email addresses. Our logs further indicate no one else had access and that no passwords nor payment data of any kind was exposed. Our highest priority is the security of our customers' data.