- Trump retweeted a QAnon supporter during his Twitter bender Today 1:24 PM
- Katrina Pierson supports Trump tweeting more about Fox than New Zealand shooting Today 1:19 PM
- PewDiePie’s alt-right ties are impossible to ignore Today 1:05 PM
- With this blade, I protect this meme Today 12:48 PM
- Lead actress in ‘The Color Purple’ revival criticized for homophobic post Today 12:39 PM
- ‘Arrested Development’ ends the same way it did the first time—unceremoniously Today 12:10 PM
- Alleged gunman tried to rob YouTuber Adam22 during livestream Today 11:32 AM
- Turkish president used New Zealand shooting footage at campaign rallies Today 11:09 AM
- 8 adorable tea infusers that will warm you with cuteness Today 10:26 AM
- The Super Nintendo Pro is the wireless controller of your dreams Today 10:25 AM
- Lori Loughlin reportedly dropped from ‘Fuller House’ final season Today 10:10 AM
- The Legend of Zelda Encyclopedia Deluxe Edition is a true treasure Today 10:00 AM
- Even Republicans are angry with the GOP’s anti-Beto tweet Today 10:00 AM
- ‘Egg Boy’ vows to send GoFundMe money to mosque shooting victims Today 9:55 AM
- Noom is a weight loss program that prioritizes your mental health Today 9:10 AM
A popular app that allows anyone to find their celebrity look-alike left users’ photos exposed online, TechCrunch reports.
The “Twinning” tool, developed by American media and technology company PopSugar, works by comparing a selfie or any other image to a database of celebrity photos. Users can then share their results, which includes their top five look-alikes as well as their “twinning percentage,” on social media.
But TechCrunch’s examination of the Twinning tool’s source code reveals the web address of where the selfies are uploaded—an Amazon Web Services storage bucket.
That bucket, however, was not secured properly, allowing anyone with its URL to view and download the hundreds of thousands of selfies being uploaded in real-time.
TechCrunch says it was able to verify the issue by “uploading a dummy photo of a certain file size at a specific time.”
“Then, we scraped a list of filenames uploaded during that time period from the bucket’s web address, downloaded them and found our uploaded image by searching for that photo of a certain file size. (We didn’t download any more than necessary to preserve people’s privacy.)” TechCrunch states.
Although PopSugar did not respond to requests for comment from TechCrunch, the publication says the bucket was quickly locked down after it sent an email.
Mike Patnode, vice president of engineering at PopSugar, later admitted to TechCrunch that “the bucket permissions weren’t set up correctly.”
While users may not be concerned about their selfies being exposed, the incident is a reminder of how vulnerable data can be online. Had the mistake involved social security numbers or other personal information, the results may have been much more serious.
Mikael Thalen is a freelance journalist based in Seattle, covering all things technology, including social media, data breaches, hackers, and more.