Authorization

Security lapse exposed private Theta photos

Millions of photos taken by Theta camera owners — some private and unlisted — were left exposed after security researchers found an open database without a password.
Noam Rotem and Ran Locar found the leaky database and reported the exposure to Ricoh, which secured the database within a day. The printing tech giant has sold thousands of the 360-degree camera since the device’s debut in 2014. Users can upload and share their photos and videos to the cloud using the camera.
But that cloud database that was left wide open, said Rotem and Locar, who also wrote up their findings. Anyone with access to the database could have easily accessed any of the 11 million photos stored online.
The researchers shared a sample of the data with TechCrunch to verify. We were able to easily access private and unlisted photos uploaded to Ricoh’s website by transplanting the unique file identifier found in the database into the cloud storage server’s web address.
In some cases the user’s name and captions were also viewable.
Security lapse exposed private Theta photos
One of the 360-degree Theta cameras manufactured by Ricoh. (Image: Andreas Rentz/Getty Images)
See also:
Leave a comment
News
  • Latest
  • Read
  • Commented
Calendar Content
«    Июль 2020    »
ПнВтСрЧтПтСбВс
 12345
6789101112
13141516171819
20212223242526
2728293031