More than 11 million photos were exposed to the public in a data leak at the Theta360 sharing system operated by Ricoh.
“The data leak opened thousands of photos of users, many of whom chose to keep their images secret,” said the vpn Monitor blog. Experts Noam Rotem and Ran Locar discovered the database. “The hack did not disclose most of the users’ personal information, but in many cases we found their user names, first and last names, and signatures they wrote in an open database.”
The researchers could not access users’ social media accounts through the system. They reported that the information left exposed included usernames, a universally unique identifier (UUID) for each photo, headlines and privacy settings.
The UUIDs allowed access to any exposed photo, and in some cases the researchers could easily connect the usernames in the database to the user’s social media account.
Rotem and Locar discovered the leak on May 14 and contacted Theta360 on May 15, receiving a report on the same day. By May 16, Theta360 had eliminated the leak.
“Exposing personal photos is a serious violation of customer anonymity,” said Jonathan Bensen, Balbix’s director of product management. He also stated that companies should not trust third-party specialists.
Bensen added that it is simply impossible for humans to track all assets that could be vulnerable to attack or exposure, and that companies should use machine learning and artificial intelligence tools to continuously monitor risks and vulnerabilities.