A photo booth company that caters to weddings, lobbying events in D.C., and engagement parties has exposed a cache of peoples’ photos, with the revellers likely unaware that their sometimes drunken antics have been collected and insecurely stored by the company for anyone to download. A security researcher who flagged the issue to 404 Media said the company, Curator Live, has not responded to his request to fix the issue.The exposure, which also includes phone numbers, highlights how we can face data collection even at innocuous events like weddings. It’s also not even the only recent exposure by a photo booth company. TechCrunch reported on a similar issue with a different company in December.“Even if you just wanted the printed photo, your data is being held by a third party unbeknownst to you,” the security researcher, who requested anonymity to speak about a sensitive security issue, said. “The fact that this third party leaks it freely is icing on the cake. It violates any reasonable expectation of privacy.”In all, the researcher says at least 100GB of photos are exposed. 404 Media reviewed a smaller sample of photos. They show people at various weddings and engagement parties cheering and drinking. Some photos include children. Others appear to have been taken at a NASA branded event.“You can attribute the phone numbers to photos of people in some cases. I think the greatest reasonable risk for photo booth users is that it could reveal intimate photos,” the researcher added.Curator Live’s website says the company “delivers industry-leading enterprise photo and video capture solutions. From photo booth operators to zoos, sports events, attractions, and vacation destinations, we help your brand create unforgettable experiences and lasting memories.”As for how they found this issue, the researcher said they went to a wedding where the DJ company had a Curator Live photo booth. “The booth was configured to take four or so photos, then printed them out. The machine promoted the user for a phone number to receive digital copies of the photos,” he said.After reluctantly entering his number, the researcher received a text with a link to Curator Live’s API, he said. From there, he found the exposed data. The company is still exposing people’s data so 404 Media is not explaining the security issue in detail. But the impact is that a stranger could dig through other peoples’ photos.The researcher shared a copy of his email he sent to Curator Live in November detailing the issue. The researcher said he never received a response. “Fix your shit,” one line read.Curator Live did not respond to 404 Media’s request for comment.
Wedding Photo Booth Company Exposes Customers’ Drunken Photos
Related Posts
Physical AI Edges Closer to Real-World Deployments
A new report from French IT consulting firm Capgemini found that businesses are rapidly moving physical AI from experimentation to implementation.
Chinese Vendor Claims First Large-Scale Embodied AI Deployment
Agibot says its project marks a significant shift in embodied AI from pilots to industrial use.
Bobyard 2.0 offers improved takeoffs and unified AI for estimators
AI platform, Bobyard, has unveiled Bobyard 2.0, its latest platform update delivering accelerated takeoff workflows and a unified AI workbench, designed to keep pace with the estimators (those responsible for calculating project budgets) who use it every day throughout the construction and landscaping industry. By speeding up takeoff operations, a important part of estimating a […]
The post Bobyard 2.0 offers improved takeoffs and unified AI for estimators appeared first on AI News.