API also exposes the total number of subscribers per site

Sep 15, 2015 20:43 GMT

Yesterday, the Kardashian clan launched four new websites and four new apps for Kim Kardashian, Khloe Kardashian, Kendall Jenner, and Kylie Jenner.

Each girl launched her own website and an accompanying subscription-based mobile app, which will be used to push premium and exclusive content to their dear followers.

Celebrities trying to monetize their fame is nothing new, but as every developer knows, most services still ship with a few bugs here and there. While the Kardashians may think they are above everyone else, their websites sure aren't.

According to Alaxic Smith, CEO and Co-Founder of Communly, the company behind these new apps and websites, Whalerock Digital Media, left their API server unprotected, allowing any tech-savvy user to get details on users registered on the Kardashian / Jenner websites.

As Mr. Smith recounts in a Medium blog post (a Google cache copy is also linked, in case the Medium post goes down), being a developer himself and curious to see how Kylie Jenner's recently launched website was built, he went sifting through its source code.

Unpacking one of the minified JavaScript files, he came across an API endpoint. Wanting to see what was on the other end of the API, Mr. Smith tried to access it inside his browser. After at first being faced with an error message, he registered on Kylie's website, and soon he was granted access to the API's content.

The websites' APIs revealed details of all their registered users

While he initially thought he had stumbled upon some dummy data, to his surprise Mr. Smith found that the API wasn't properly protected and that he was actually looking at the site's entire user base, with information such as username, first and last name, email address, user level, and subscriber status.

He found the same issue on all the other girls' websites, and according to his findings, at the time he discovered the security flaw the API revealed that there were 663,270 users registered on Kylie Jenner's website (thekyliejenner.com), 96,635 users registered on Khloe Kardashian's website (khloewithak.com), 80,679 users on Kim Kardashian's website (kimkardashianwest.com), and 50,756 users on Kendall Jenner's site (kendallj.com).

Yes, we saw it too. There are 8 times more users on Kylie's website than on Kim's.

Whalerock Digital Media was notified of the issue, and as of 8:10 AM PST, the API endpoint was protected from unauthorized access.
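The flaw described above is a classic case of treating "logged in" as sufficient authorization. The following added illustration (not Whalerock's code; the user records, field names and session shape are constructed for the example) shows a users endpoint with that weakness beside a hardened version that applies object-level authorization and no longer exposes the total count to ordinary accounts.

```javascript
// Constructed sample user base for the example (not real data).
const users = [
  { id: 1, username: 'alice', firstName: 'Alice', lastName: 'A', email: 'alice@example.com', level: 'admin', subscriber: true },
  { id: 2, username: 'bob',   firstName: 'Bob',   lastName: 'B', email: 'bob@example.com',   level: 'user',  subscriber: false },
  { id: 3, username: 'carol', firstName: 'Carol', lastName: 'C', email: 'carol@example.com', level: 'user',  subscriber: true },
];

// Vulnerable: the only check is "is there a logged-in session?". Any account
// that simply registered on the site then receives the whole user base,
// including everyone else's names, e-mail addresses, levels and subscriber
// status, plus the total number of subscribers.
function listUsersVulnerable(session) {
  if (!session || !session.userId) return { status: 401, body: { error: 'login required' } };
  return { status: 200, body: { total: users.length, users } };
}

// Hardened: authentication is necessary but not sufficient. The handler looks
// up who is asking and decides what that identity may see: an ordinary account
// gets only its own record, and the full list (with its count) is limited to
// admin accounts.
function listUsersHardened(session) {
  if (!session || !session.userId) return { status: 401, body: { error: 'login required' } };
  const me = users.find(u => u.id === session.userId);
  if (!me) return { status: 401, body: { error: 'unknown session' } };
  if (me.level !== 'admin') {
    // Object-level authorization: the caller is scoped to their own row.
    return { status: 200, body: { users: [me] } };
  }
  return { status: 200, body: { total: users.length, users } };
}

// Quick check with a session for an ordinary registered user ("bob").
const bobSession = { userId: 2 };
console.log(listUsersVulnerable(bobSession).body.users.length); // 3: whole user base leaks
console.log(listUsersHardened(bobSession).body.users.length);   // 1: only bob's own record
```

The hardened handler also omits `total` for non-admin callers, which is the site-wide subscriber count the article notes the API exposed.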

Sample user data exposed by the unprotected APIs