"The researcher, who goes by Zeacer, alerted TechCrunch to the security issue in late November after reporting the vulnerability to Hama Film, the photo booth maker that has franchise presence in Australia, the United Arab Emirates, and the United States, but did not hear back. Zeacer shared with TechCrunch a sample of pictures taken from Hama Film's servers, which showed groups of clearly young people posing in photo booths."
"When Zeacer first found this flaw, he noted that it appeared that photos were deleted from the photo booth maker's servers every two to three weeks. Now, he said, the pictures stored on the servers appear to get deleted after 24 hours, which limits the number of pictures exposed at any given time. But a hacker could still exploit the vulnerability he discovered each day and download the contents of every photo and video on the server."
"Vibecast, which owns Hama Film, has yet to respond to his messages alerting the company of the issues. Vibecast also hasn't responded to several requests for comment from TechCrunch, nor did Vibecast's co-founder Joel Park respond to a message we sent via Linkedin. Before this week, Zeacer said at one point he saw more than 1,000 pictures online for the Hama Film booths in Melbourne."
Security researcher Zeacer discovered a website storage flaw that exposed customers' photos and videos uploaded from Hama Film's photo booths. Hama Film's booths print photos and upload copies to company servers; exposed samples included groups of clearly young people. Vibecast, which owns Hama Film, did not respond to vulnerability notifications or media requests. Photos were initially deleted every two to three weeks but now appear to be removed after 24 hours, which reduces but does not prevent exposure. A malicious actor could exploit the flaw daily to download all photos and videos on the server. Specific technical details are being withheld to limit exploitation.
Read at TechCrunch
Unable to calculate read time
Collection
[
|
...
]