As if we needed another reason to hate the Kardashians. Break the internet? Kinda, but not by exposing Kim’s over-hyped and plump butt this time. The Kardashian’s new mobile apps is extremely popular for some unknown reason, but the websites that were recently launched alongside those offerings had a major flaw. This will not be good for devoted fans of people who are popular for no good reason.
An open unsecured API gave developer Alaxic Smith access to the names and email addresses of hundreds of thousands of subscribers when he poked around Kylie Jenner’s site. Uh Oh! There were over 600,000 on that site alone. Smith also discovered that the same API was used across the other sister sites. He did not discover however, the exact reason for the Kardashian’s fame. That will have to remain a mystery. And an annoyance to those of us who can’t stand them.
The good news here is that no payment info was accessible because the sites themselves don’t handle any funds, leaving that up to app stores and third-party services. So at least that’s something.
Whalerock Industries, the company that runs both the Kardashian sites and apps was alerted to the problem just after launch and the API was “promptly closed.” Whalerock says that Smith was only able to look at “a limited set” of user info and that access to passwords and payment info wasn’t touched. It looks like Smith may be in a bit of bother over this since he has pulled his blog post and Whalerock is now trying to figure out just what he saw and if he actually archived any of it. I guess it doesn’t pay to find a security flaw and post about it when big celebrities are involved. Oh well. I’m sure Kim and the gang will not lose any sleep over the whole thing.