If you’re a Kim Kardashian superfan, you might be super screwed.
Kardashian’s personal website is full of security holes that put visitors at risk of malware and potential identity theft, the Daily Dot has learned.
In early April, security researcher and university student Jamie Woodruff discovered over a dozen security vulnerabilities in Kardashian’s website, KimKardashian.com. Woodruff says he immediately reported the security flaws to the site’s administrator, which he corroborated in an April 10 email shared with the Daily Dot. He says he also tweeted directly to Kardashian and her media-relations representatives. More than a month later, Woodruff has yet to receive a response.
The vulnerabilities Woodruff discovered put at risk not only the integrity of the site, he warns, but ostensibly also the personal information of tens of thousands of fans.
“If the fans use the website, they could be at risk of downloading infected software; or worse, their information could be stolen from the database,” Woodruff said. He notes that the user passwords stored by WordPress are probably easy to decrypt, and that all too often people reuse passwords for more crucial purposes, like securing their bank accounts.
At 22, Woodruff holds a security ‘ethical hacking’ certification from the EC-Council, a status recognized by U.S. government agencies, including the National Security Agency. “I have always used my talent for good and ethical purposes,” Woodruff said.
In addition to Kardashian’s various social media accounts, KimKardashian.com serves as an archive of personal photos, videos, and messages, all allegedly published by the star herself. Woodruff says he first visited the site last month while trying to confirm rumors that an American arts school planned to give Kardashian’s husband, Kanye West, an honorary doctorate. (The Art Institute of Chicago awarded the musician with a Ph.D. on May 11.)
“I was looking online to see about Kanye’s doctorate, because I felt that he didn’t deserve one—calling himself ‘God,’ etc.,” said Woodruff, a student at Bangor University.
A plugin in Woodruff’s browser revealed that Kardashian’s site was running WordPress, a widely used content management system. After browsing to the site’s publicly accessible ‘readme’ page, he noticed the WordPress version used by KimKardashian.com was over two and a half years old.
“I then used a tool, which tested the WordPress version to confirm my suspicions,” Woodruff said.
A security report provided by Woodruff to the Daily Dot detailed 15 security flaws that could be exploited for a variety of attacks. Some were useful for knocking the website offline using a denial-of-service attack. Others could enable an attacker to reset administrator and user passwords without an email request, bypass restricted URLs and folders, or steal login cookies.
Depending on which WordPress plugins are in use, half a dozen other, more serious bugs make it simple for a hacker to create a backdoor into Kardashian’s site, which could then be used to download databases containing user data—or, worse, upload malware that might infect thousands of computers.
“If the website uses shared hosting, then there’s a risk that other websites on the server can also be accessed,” Woodruff said, meaning there’s a chance that users on other websites unaffiliated with Kim Kardashian could also be at risk.
Woodruff detailed the extensive security flaws in an email to the site’s administrator; after 30 days he received no reply, and the site remains vulnerable.
The Web administrator listed for KimKardashian.com did not respond to our request for comment.
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.