Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
There are plenty of online shops which offer to print your photos, visiting cards and t-shirts. But do they protect the photos or personal information you share with them? We will find out.
We discovered a security vulnerability in Inkmonk.com (India’s first print marketplace) which leaks all the photos you have uploaded, via a simple API:
The ids used in the above API is serially iterable and the response looks like this:
And if you click on one of the URLs in the above response, you will see the pictures uploaded by the users of the website. They do not require any kind of authentication at all. Some examples below:
This security bug was reported to the InkMonk on 19th November, 2017. They acknowledged the existence of the issue and promised a fix in coming days. They even sent goodies for finding the issue.
I contacted them again after a month saying that it is still vulnerable but got no response. Even after a year and a month being passed as of writing this (19th December, 2018) and it is still not fixed.
Sadly, security vulnerabilities take back seat amongst other aspects of running a company.
For now, stop uploading your personal photos and personal information like visiting cards online if you care about your privacy.
To technology companies, please prioritize security of your users above everything else.
Stop printing your personal photos via online websites was originally published in Hacker Noon on Medium, where people are continuing the conversation by highlighting and responding to this story.
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.