A young developer, poking around the code of Kylie Jenner‘s new website, was able to access the full names and email addresses of over 600,000 users.
In addition to personal info, Alaxic Smith, 19, was able to create, alter and destroy user photos, videos and more.
Smith, who exposed the website’s vulnerabilities for the fun of it, says he’s not seeking to release any of the info, rather he’s just giving Kylie a “heads up.”
I’ll admit I downloaded Kylie’s app just to check it out. I also checked out the website, and just like most developers, I decided to take a look around to see what was powering the site. After I started digging a little bit deeper, I found a JavaScript file namedkylie.min.75c4ceae105ad8689f88270895e77cb0_gz.js. Just for fun, I decided to un-minify this file to see what kind of data they were collecting from users and other metrics they may be tracking. I saw several calls to an API, which of course made sense. I popped one of those endpoints into my browser, and got an error just liked I expected. h/t techcrunch
If I were Kylie, I’d be expecting a nice refund from the developers! And if I was a Kylie subscriber, I’d be expecting a nice refund from her!
SPRINGFIELD, IL. (THECOUNT) — Daniel Crumrine, the Golf Course Superintendent for the Springfield Park District,…
JUPITER ISLAND, FL. (THECOUNT) — Golf legend Tiger Woods was arrested Friday afternoon and charged…
TIFFIN, OH. (THECOUNT) — Hermoiney Greenler, Madison Yates, Jonathan Bowling, and Alexzandria Hickle have all…
LIVINGSTON, AL. (THECOUNT) — An Iowa truck driver was killed early Thursday morning when his…
FULTON, Mo. (THECOUNT) — Wallace J. Franklin Jr., an accomplished executive chef and former Iowa…
LUBBOCK, TX. (THECOUNT) — A teenage motorcyclist was killed Thursday afternoon after his motorcycle struck…