Click here to sign up for our newsletter & receive a £5 voucher![close]
×

Registration

Profile Informations

Login Details

or login

First name is required!
Last name is required!
First name is not valid!
Last name is not valid!
This is not an email address!
Email address is required!
This email is already registered!
Password is required!
Enter a valid password!
Please enter 6 or more characters!
Please enter 16 or less characters!
Passwords are not same!
Terms and Conditions are required!
Email or Password is wrong!

Popsugar's Twinning Selfie App Springs A Leak And Exposes Users' Photos

It’s 10pm. Do you know where your selfies are? It was recently revealed that Popsugar’s Twinning app has been accidentally leaking users’ photos. It is believed that hundreds of thousands of photos were available to anyone who knew how to access them.

Popsugar is a media company that focuses on trends, fashion, beauty, fitness, and food. Its Twinning app is a photo-matching tool that finds a user’s top-five celebrity “twins”. Users need to simply upload a selfie of themselves from the shoulders up through the #twinning app. They are then able to share their matches on Facebook and Twitter with a URL.

selfie pair

The photos are stored on an Amazon Web Service (AWS) storage bucket. TechCrunch reported that the web address for the storage bucket could be easily found in Twinning’s website code. The publication was able to open a web browser and view the uploaded photos. It confirmed the leak by uploading a few test selfies and noted that others with more malicious plans would be able to easily download the photos.

Popsugar claims that while they post a composite of the user’s and celebrity photos on a public URL, they “only provide this unique URL to you” to share with your friends. This URL can also be easily removed at the user's request. According to their privacy policy, with the exception of the third-party service providers who match the user with their celebrity twins, no one should be able to access your photos without your permission. 

The leak was reported to Popsugar, which quickly locked the storage bucket. Vice-president of engineering Mike Patnode noted that “the bucket permissions weren’t set up correctly.” The photos can no longer be effortlessly accessed with a web address.

Popsugar is not the only company to recently compromise their users’ photos. Facebook announced this past month that that a bug allowed third-party apps to access the photos of nearly 6.8 million users. The bug enabled third-party apps to acquire photos from Facebook Stories, the Marketplace, and photos that were uploaded but never posted. This was merely one of the many privacy bugs that Facebook dealt with in 2018.

').insertAfter(jQuery('#initdisqus'));
}
loadDisqus(jQuery('#initdisqus'), disqus_identifier, url);

}
else {
setTimeout(function () { disqusDefer(); }, 50);
}
}

disqusDefer();

function loadDisqus(source, identifier, url) {

if (jQuery("#disqus_thread").length) {
jQuery("#disqus_thread").remove();
}
jQuery('

').insertAfter(source);

if (window.DISQUS) {

DISQUS.reset({
reload: true,
config: function () {
this.page.identifier = identifier;
this.page.url = url;
}
});

} else {

//insert a wrapper in HTML after the relevant "show comments" link

disqus_identifier = identifier; //set the identifier argument
disqus_url = url; //set the permalink argument

//append the Disqus embed script to HTML
var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true;
dsq.src = 'https://' + disqus_shortname + '.disqus.com/embed.js';
jQuery('head').append(dsq);

}

jQuery('.show-disqus').show();
source.hide();
};

function disqusEvent()
{
idleTime = 0;
}

Go to Source