After launching a very successful app that is now dominating the App Store, the Kardashian-Jenner sisters recently opened websites to show their fans a personal side of their lives, but they missed a major bug. As 19-year-old developer Alaxic Smith pointed out after poking around with the webpages explained on Medium, he was able to easily access the user data from almost a million users contained in a simple java file that anyone could access. The data spill includes all the users' first and last names as well as their email addresses.
The discovery is particularly disturbing for the users, especially considering that the website is where they can consume premium content that they paid for through the app, but fortunately their payment details were not available to access. Smith has taken down the post from Medium and is now cooperating with the company behind the sites and apps. According to TechCrunch, a company's spokesperson commented the following:
Shortly after launch we were alerted that there was an open Api. It was promptly closed. Our logs indicate that the author of the blog post was able to access only a limited set of names and email addresses. Our logs further indicate no one else had access and that no passwords nor payment data of any kind was exposed. Our highest priority is the security of our customers' data.