It’s a new year, folks, but there’s still one last data leak from 2018 we need to discuss. If you spent any time online over the holiday break, you’ve probably seen someone on Facebook or Twitter posting photos from Popsugar’s Twinning app, which uses facial recognition to tell you what celebrities you may kind of, sort of look like a little bit.
Guess what? The photo (or photos) people submitted were leaked. You could find them using a Google Image search or, you know, download them in bulk.
The leak, discovered by TechCrunch, occurred because of a poorly secured Amazon Web Services storage bucket, which made user-submitted photo files publicly accessible if you knew where to look.
According to the report, the leak seems to have been plugged, so to speak, but the app has been out there for some time sooooo... I hope everyone likes the photos they submitted!
The only thing exposed was a file whose contents were, in theory, going to be shared publicly anyway. That isn’t an excuse, of course—users expected their photos to be stored safely—but after living through the Equifax hack in 2017 and the massive Facebook data breach reported in 2018, this leak is relatively small potatoes by comparison.
Personalised ads — they aren’t just on your screens anymore. For the past few years, advertisers have been experimenting with ways to apply all that data they have about you to billboards and other IRL advertisements. Think about how creepy it is when Facebook knows too much about you.
Now imagine how it would feel if a giant flat-screen at the mall showed you that same information in giant text that other people probably aren’t looking at, but definitely could read if it caught their eye.
On the other hand, the Popsugar leak should also serve as a reminder that there’s always a risk involved when you share information online, even with a brand you know for a fun, care-free purpose. Last spring, hacker Inti De Ceukelaire revealed that a quiz app called NameTests exposed 120 million Facebook users’ personal data.
Months later, Timehop, an app that prompts you to repost old photos from your social media accounts, leaked private data from its 21 million users.
Google and Microsoft specifically have said they would not use photos submitted through these apps for other purposes, though that has not stopped people from worrying about how else their photos may be used. Those concerns are not unwarranted: In 2017, digital security experts found that Meitu, a viral photo filter app for selfies, was recording personal data not related to the app.
Unfortunately, the only advice I can really give you is to avoid these kind of one-off apps because you may get burned. In this age of sudden, widespread data leaks, that kind of feels like telling you not to go outside because you might get hit by a car crossing the street.
Then again, Popsugar says I look like Guy Fieri and I’m fucking furious. Never mind. Shut it all down.