Article 4ZCB6 PhotoSquared app exposed customer photos and shipping labels

PhotoSquared app exposed customer photos and shipping labels

by
Zack Whittaker
from Crunch Hype on (#4ZCB6)

Popular photo printing app PhotoSquared has exposed thousands of customer photos, addresses and orders details.

At least 10,000 shipping labels were stored in a public Amazon Web Services (AWS) storage bucket. There was no password on the bucket, allowing anyone who knew the easy-to-guess web address access to the customer data. All too often, these AWS storage buckets are misconfigured and set to "public" and not "private."

The exposed data included high-resolution user-uploaded photos and generated shipping labels, dating back to 2016, and was updating by the day. The app has more than 100,000 users, according to its Google Play listing.

It's not known how long the storage bucket was left open.

photosquared-exposed-data.jpg

One of the customer orders, including photos and the customer's shipping address. The exposed storage bucket also had thousands of shipping labels. (Image: TechCrunch)

Security researchers provided the name of the exposed bucket to TechCrunch. We matched a number of shipping labels against existing public records, and contacted PhotoSquared on Wednesday to warn of the exposure.

Keith Miller, chief executive of Strategic Factory, which owns PhotoSquared, confirmed that the data was no longer exposed; however, Miller declined to say if it planned to inform customers or regulators under data breach notification laws.

At the time of writing, PhotoSquared has made no reference to the security lapse on its website or its social media accounts.

Stop saying, 'We take your privacy and security seriously'

Techcrunch?d=2mJPEYqXBVI Techcrunch?d=7Q72WNTAKBA Techcrunch?d=yIl2AUoC8zA Techcrunch?i=q0rvdIlZqck:duOkks-LOWw:-BT Techcrunch?i=q0rvdIlZqck:duOkks-LOWw:D7D Techcrunch?d=qj6IDK7rITsq0rvdIlZqck
External Content
Source RSS or Atom Feed
Feed Location http://feeds.feedburner.com/TechCrunch/
Feed Title Crunch Hype
Feed Link https://techncruncher.blogspot.com/
Reply 0 comments