Benevolent software developer exposes security flaw in Kardashians’ websites
The Kardashians almost leaked valuable customer data, but thanks to a benevolent user, the information was secured.
Recently, Kardashian and Jenner sisters Kim, Khloe, Kendall and Kylie launched mobile applications, delivering exclusive content to fans for a monthly fee.
Software developer Alaxic Smith was browsing the gateway websites for the mobile applications and decided to look at the sites' code to see how they were constructed, something he said on his blog that most developers do.
Smith soon uncovered a file embedded in the code that linked to a protocol designed to gather and store customer information, as well as other metrics the sites may be tracking. Smith attempted to access the database, expecting to hit a firewall or some other security control, but was allowed right in and had immediate access to information for all four websites and mobile applications.
With minimal effort, Smith was able to access user information, create false user accounts and delete the accounts of others. He could also access, alter and delete photos, videos and other information. The one thing the flaw did not expose was credit card information, but Smith still saw this as a major issue, and a problem for services like these going forward.
"It's clear why this is a major issue, and raises the question: should users trust not only their personal information, but also payment information with these apps?" he wrote. Smith said that he has been in touch with the company that developed these applications and websites, and that it has since patched this security gap.
Not every company will have users like Smith who are both knowledgeable enough to discover this type of security flaw and kind enough to report it to developers. Ensuring that data is secure is one aspect of a business continuity plan that will help prevent these types of situations.