Television personalities and sisters, Kim Kardashian, Khloe Kardashian, Kendall Jenner, and Kylie Jenner launched their individual websites and apps earlier this week.
As the celebrity sisters, mobile applications are dominating the app store, after seeing thousands of downloads on the first day of the release; the websites launched alongside have become a matter of worry for the users whose personal information had been exposed.
The sisters had released new websites to help them better connect with their fans while offering a more personal look into their lives. But a flaw in the design of their sites had exposed the first and last names as well as the email addresses of its 891,240 users.
A 19-year-old developer, Alaxic Smith who runs an app called Communly, discovered the security issue and wrote the detailing on a publishing site, Medium on how he was able to access the full names and email addresses of users who signed up for their sites.
Smith who went about digging into the site just out of curiosity found a major security flaw in the websites.
Smith had discovered that an open unsecured Application Program Interface (API), which is a set of protocols and tools to build a software application, was present on the site which provided him access to the names and email addresses of subscribers.
Smith had also discovered that the same API was used across the other sister's sites, too. Moreover, the developer said that he had the ability to create and destroy user’s photos, videos and more, though he didn’t do so.
However, no payment information involved as the sites themselves don't handle any funds, leaving that up to app stores and third-party services.
The sites crafted by a software development firm, Whalerock Industries had affirmed that Smith is now cooperating with the company and has taken down his original blog post and declined to talk to media.
The company also confirmed that the problems had since been addressed.
“Shortly after launch we were alerted that there was an open API. It was promptly closed,” said a spokesperson of Whalerock.
Whalerock is in the process of finding out if he had actually archived the findings.
Though on not tempering with the data, the company should thank the young teen for finding its security flaw, but if he’s unlucky enough, the consequences can be pretty negative when some of the biggest celebrities are involved.