Social media websites blew up earlier this week when the Kardashian sisters launched their own line of apps and websites to provide fans with exclusive content.
On Kylie Jenner's app, for example, the teen star posts photos and blog entries, similar to those she posts on Snapchat or Instagram. While hundreds of thousands of people scrambled to purchase a subscription for the content, one developer, Alaxic Smith, explored the websites' buried code.
He found that for a brief period, all the websites exposed users' subscriber information, including their first names, last names and email addresses. Exploiting a flaw in one of the sites' APIs, Smith could also create or delete users, photos and videos, he wrote on a now-cached Medium post.
The website creator, Whalerock Industries, confirmed the breach and said it patched the open API. No one else exploited the flaw, the company said.
This article originally appeared at scmagazineus.com