The sites’ developer has since silenced the coder who found the hole.
Raging against the Kardashian machine simply because it exists is as old and tired as anything else under the sun, but this time the world's most famous non-political family has actually done something worthy of reproach: leaving hundreds of thousands of fans' personal data exposed.
The Kardashian and Jenner sisters launched a host of new content this week, namely sites and apps designed to give you a more immersive look at their glittering lives. One of the new launches was a site dedicated to the triumphs and travails of 18-year-old Kylie Jenner, the lady-in-waiting to Kim's global omnipresence.
But enterprising young coder Alaxic Smith, who is about Jenner's age, found that developers had left the API wide open, and he could view full names and email addresses for 663,270 people who had already signed up for Jenner's new site. He published his findings on Medium, but has since taken the post down after being successfully forced into silence by the site's developer, Whalerock Digital Media. (A cached version is still available.) Smith was also barred from speaking to the press.
Before it was removed, the post read in part:
"I then noticed that I could do the same API call across each of the websites and return the same exact data for each site. I also had the ability to create/destroy users, photos, videos, and more. It's clear why this is a major issue, and raises the question: should users trust not only their personal information but also payment information with these apps?"
Whalerock Digital Media insists that payment info was always safe, and that the hole has been patched. But it makes you wonder: if we can't trust the Kardashians in these troubled cybersecurity times, who can we trust?