Talk about a boo-boo.
The new Kardashian and Jenner exclusive websites launched earlier this week — but apparently nothing goes off without a hitch!
Shortly after the sites went live, Alaxic Smith, a 19-year-old developer came across a little problem which he found could be used to gain access to a list of all four website’s — Kim Kardashian West, Khloe Kardashian, Kendall Jenner, and Kylie Jenner — users information.
Related: Kim Kardashian First Heard ‘Rumors’ About Caitlyn Jenner When She Was 11
Smith posted online — before it was removed — the story of how he came across the information saying he discovered a Javascript file that he began to play around with. In the post he said:
“Just for fun, I decided to un-minify this file to see what kind of data they were collecting from users and other metrics they may be tracking. I saw several calls to an API, which of course made sense. I popped one of those endpoints into my browser, and got an error just liked I expected.”
It was at this point that he logged onto Kylie’s website — because duh, of course it would be Kylie’s — with his own username and password and found the “endpoint” took him to a page that listed the first and last names as well as user names, and emails of over 650,000 users! Oh yeah, and he could delete any data any user had decided to share on the site.
Well of course Alaxic then tried this on the other sites and they did the same thing!
If this is true, it means that over 890,000 users were exposed according to Smith’s account.
The company that built the websites, Whalerock Industries, have since said that the issue has been fixed and confirmed that no payment information was compromised. In a statement the company released, they said:
“Shortly after launch we were alerted that there was an open Api. It was promptly closed. Our logs indicate that the author of the blog post was able to access only a limited set of names and email addresses. Our logs further indicate no one else had access and that no passwords nor payment data of any kind was exposed. Our highest priority is the security of our customers’ data.”
We’re not exactly sure how we feel about this. A breach in security is such a major issue, it definitely makes us think twice about trusting the sites.
What about you? Does this turn you off of wanting to subscribe to any of the Kardashian or Jenner sites? Sound off in the comments (below)!