Kardashian websites hacked via unsecured API

Hundreds of thousands of subscriber records were accessed, but no payment details were revealed

The Kardashian family has been the subject of a hack that revealed subscriber details of more than 600,000 people.

Luckily for them, it was accessed by a developer who told the company behind the websites about it via a blog post rather than a malicious attacker who wanted to ruin the reputation of the Kardashian family.

Advertisement - Article continues below

The flaw was first discovered on Kylie Jenner's website, but 19-year-old developer and CEO of communly.com Alaxic Smith then discovered the same API was used on other sites run by the family.

He managed to find the first and last names of 600,000 users on Kylie's website and was able to access the same information on Kim, Kendall and Khloe's websites too.

TechCrunch revealed he was also able to, "create and destroy users, photos, and videos," making it a very powerful flaw for malicious hackers who may want to cause damage.

Whalerock Industries, the company running the group of websites said it took down the API as soon as it was made aware of the problem.  

"Shortly after launch, we were alerted that there was an open API. It was promptly closed. Our logs indicate that the author of the blog post was able to access only a limited set of names and email addresses," it said in a statement.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The websites don't handle payments of any kind, so other sensitive information such as card details or bank account information was not available to Smith.

The Kardashian websites launched alongside apps just a few days ago and almost 900,000 people signed up to the service, which costs $2.99 a month.

Mark James, security expert at IT security provider ESET, said: "This is what can happen when you take a massive, potential money making scenario and apply an urgency to get it off the ground without thoroughly looking into the security aspect of how you're going to protect all the vulnerable peoples data you will collect.

"They receive the monetary benefits so they should be involved in making sure that the right people look after it and as much money that's needed is ploughed into making it secure. We will see more and more celebrities utilising this avenue for exposure and with that comes the risk of more people trying to get access to that data, some may not make it public until after they have used and abused it."

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020
Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020
Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
Visit/security/cyber-security/355368/microsoft-builds-ai-to-detect-security-flaws-with-99-accuracy
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020

Most Popular

Visit/operating-systems/microsoft-windows/355812/microsoft-warns-against-installing-windows-10-may-2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
Visit/security/cyber-security/355797/microsoft-bans-trend-micros-rootkit-buster-from-windows-10
cyber security

Microsoft bans Trend Micro driver from Windows 10 for "cheating" hardware tests

27 May 2020
Visit/policy-legislation/data-protection/355835/nhs-yet-to-understand-the-risks-of-holding-test-and-trace
data protection

NHS yet to understand risks of holding Test and Trace data for 20 years

29 May 2020