- Ohio KKK rally met with massive counter-protest and witty signs from local businesses Today 5:06 PM
- Guy who said he stole drugs from MS-13 now says viral story is fake Today 4:07 PM
- Financial service company left 885 million private records exposed online Today 3:13 PM
- Sasha Obama went to prom and Twitter is delighted with the photos Today 2:22 PM
- Jon Voight says Trump is the greatest president since Lincoln in Twitter videos Today 1:31 PM
- #DeleteFacebook gains momentum after the platform refused to remove doctored Nancy Pelosi videos Today 11:58 AM
- ‘Game of Thrones’ failed women—and it’s a shame on its legacy Today 7:40 AM
- How to use Tor, the network that lets you browse the web anonymously Today 7:30 AM
- How to live stream Devin Haney vs. Antonio Moran on DAZN Today 7:00 AM
- Trump’s transphobic policies are disgusting—but they aren’t new Today 6:30 AM
- How to watch the Copa del Rey Final online for free Today 5:45 AM
- How to watch the DFB-Pokal final for free Today 5:30 AM
- Curvy Wife Guy drops music video for rap song ‘Chubby Sexy’ Friday 7:33 PM
- A ‘Black Mirror’-inspired miniseries is coming to YouTube via Netflix Latin America Friday 5:56 PM
- Kanye West appears on David Letterman’s Netflix show to talk Trump, TMZ, and Drake Friday 3:27 PM
A popular app that allows anyone to find their celebrity look-alike left users’ photos exposed online, TechCrunch reports.
The “Twinning” tool, developed by American media and technology company PopSugar, works by comparing a selfie or any other image to a database of celebrity photos. Users can then share their results, which includes their top five look-alikes as well as their “twinning percentage,” on social media.
But TechCrunch’s examination of the Twinning tool’s source code reveals the web address of where the selfies are uploaded—an Amazon Web Services storage bucket.
That bucket, however, was not secured properly, allowing anyone with its URL to view and download the hundreds of thousands of selfies being uploaded in real-time.
TechCrunch says it was able to verify the issue by “uploading a dummy photo of a certain file size at a specific time.”
“Then, we scraped a list of filenames uploaded during that time period from the bucket’s web address, downloaded them and found our uploaded image by searching for that photo of a certain file size. (We didn’t download any more than necessary to preserve people’s privacy.)” TechCrunch states.
Although PopSugar did not respond to requests for comment from TechCrunch, the publication says the bucket was quickly locked down after it sent an email.
Mike Patnode, vice president of engineering at PopSugar, later admitted to TechCrunch that “the bucket permissions weren’t set up correctly.”
While users may not be concerned about their selfies being exposed, the incident is a reminder of how vulnerable data can be online. Had the mistake involved social security numbers or other personal information, the results may have been much more serious.
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.