The Kardashians are having a hard time keeping up with cybersecurity.
The Kardashian-Jenner sisters launched new Web sites and apps this week. (Well, Kim, Khloe, Kendall and Kylie did -- Kourtney's is still on the way). But the sites left the names and e-mails of nearly 900,000 users exposed due to a security flaw.
Alaxic Smith, a 19-year-old developer, started poking around at their code shortly after the apps and Web sites went live and found the bug, according to a now deleted post on Medium. (A cached version lives on.)
The issue affected all of the sisters' sites and further allowed him to create or destroy users' accounts, photos videos, "and more," Smith wrote. He added that he did not steal or modify any data. He also wrote that he was reaching out to Whalerock Digital Media, the company behind the sites, to let them know about the problem. Smith, who is working on his social networking style site called Communly, declined to comment further.
Whalerock acknowledged the issue in a statement, but said it quickly fixed the problem and did not expose passwords or payment information. "Our logs indicate that the author of the blog post was able to access only a limited set of names and email addresses," the company said, adding that the logs indicated no one else accessed the information." Our highest priority is the security of our customers’ data," the company said.
But while the exposure appears to be limited in this particular case, the Kardashian sites may serve as a cautionary tale for consumers: There are now an almost countless number of sites and services collecting data about people every day -- and ultimately users are trusting them to keep that data safe.