Theta360 leak – 11 million photos, user data exposed

camera dslr 360

Updated July 18th, 2019

An open database exposed at least 11 million photographs after the Theta360 photo sharing system run by Ricoh was breached.

“The data breach exposed thousands of users’ photos, many of whom chose to keep their images private,” according to a blog post from vpnMonitor, whose researchers, Noam Rotem and Ran Locar, discovered the database. “The breach did not expose users’ most personal information, but in many cases, we located their usernames, first and last names, and the captions they wrote in the exposed database.”

While the researchers couldn’t directly access users’ social media accounts through the system, they said information exposed included user names, usernames, each photo’s universal unique identifier (UUID), captions and privacy settings.

The UUID’s allowed access to any exposed photo and in some cases, the researchers could easily connect the usernames in the database to the user’s social media account.

Rotem and Locar discovered the leak on May 14 and contacted Theta360 on May 15, receiving a response that same day. By May 16, Theta360 had closed the leak.

“Exposing personal photos publicly is a major violation of customer privacy,” said Jonathan Bensen, CISO and senior director of product management at Balbix, giving Ricoh the nod for taking immediate action but noting“organizations should not be relying on third-party researchers to detect this kind of vulnerability.”

Bensen added  that it’s impossible for humans alone to monitor all assets that may be vulnerable to attack or exposure, but machine learning and artificial intelligence tools can—and should—be leveraged by organizations to continuously monitor for risk and vulnerabilities.

What do you think?

102 points
Upvote Downvote

Written by Kofi Anash

phone hidden camera filming

Pedophile filmed himself raping a toddler and posted it on Dark web

facebook cellphone

Facebook – “There Is No Invasion Of Privacy At All, Because There Is No Privacy”