Popsugar's Twinning app was leaking everyone's uploaded photos

[InfoSec News <alerts () infosecnews org>]

https://techcrunch.com/2018/12/31/popsugar-twinning-leak-selfie-photos/

By Zack Whittaker
TechCrunch
December 31, 2018

I thought the worst thing about Popsugar's Twinning tool was that it 
matched me with James Corden.

Turns out, the hundreds of thousands of selfies uploaded to the tool were 
easily downloadable by anyone who knew where to look.

The popular photo-matching tool is fairly simple. "It analyzes a selfie or 
uploaded photo, compares it to a massive database of celebrity photos to 
find matches, and finally gives you a 'twinning percentage' for your top 
five look-alikes," according to Popsugar, which developed the tool. Then, 
you share those matched photos on Facebook and Twitter so everyone knows 
that you don’t look at all like one of the many Kardashians.

All of the uploaded photos are stored in a storage bucket hosted on Amazon 
Web Services. We know because the web address of the bucket is in the code 
on the Twinning tool's website. Open that in your web browser, and we saw 
a real-time stream of uploaded photos.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_