POPSUGAR's "#twinning" site is leaking users' selfies

Written over 1 year ago by IanDorfman

Entertainment and pop culture oriented fashion site company POPSUGAR is storing photos that users upload in a way that can be accessed by anyone.

First reported by TechCrunch, the Small POPSUGAR iconPOPSUGAR website's "#twinning" tool allows users to take and upload selfies of themselves in order to find out which celebrity they match up closest to. These photos are all stored on Amazon Web Service cloud hosting, which itself isn't a bad thing. How TechCrunch deduced this, however, is wherein the problem lies: The website's code lists the URL of the storage bucket where the photos are uploaded to and stored. Anyone with that URL can simply use it to access a stream of real-time photos uploaded to the site.

Though Small POPSUGAR Twinning iconPOPSUGAR Twinning is relatively minor in terms of data leaks that have come to define one of the primary issues in data security over the past several years, it still serves as an important reminder to remain vigilant when sharing your personal data, including content such as photos, on websites like it. Even sites with no malintent but poor security can put your personal information at risk. This especially goes for sites and services like #twinning that ask for information such as a selfie in exchange for something as unimportant as photo matching to a celebrity.

Further coverage:
TechCrunch
Engadget