vpnMentor’s research team has discovered thatTheta360 experienced a huge data breach.
The leak exposed at least11 million public and private photographs.
The data breach exposedthousands of users' photos, many of whom chose to keep their images private.
We couldn’t directly access users' social media accounts through Theta360’s system.
They quickly and efficiently closed the breach to protect their users.
Examples of Entries in the Database
Theta360 is a photo sharing platform.
It’s run by RICOH, a Japanese imaging and electronics company.
They are also an industry leader in sales of 360o cameras.
In 2016, the company sold at least 160,000 units.
They expect to maintain their leader status with projected sales of 250,000 units in 2019.
We could access more than 11 million unencrypted posts from Theta360’s database.
We viewed both the posts themselves andidentifying information about the poster.This included public and private accounts.
In some cases, we could easilyconnect the usernames in the database to the user’s social media account.
It might not seem like a massive security breach to be able to find public photos.
However, it’s a huge invasion of privacy.
Additionally, using the same methods,we could access photos from users' private profiles.
The final example below demonstratesthe extent to which the leak compromised users' privacy.
Data Breach Impact
Theta360’s database obscured more sensitive data like location coordinates.
Many users who posted photos privatelyobscured personal or private information.
Other parents might feel that posting pictures of their children is aninvasion of privacy.
They only need the date, contents of the photo, and caption.
Family privacy and identity theft are not the sole concerns.
If we combed through all 11 million posts, we could haveuncovered illicit photosthat were intended to remain private.
Publicizing illicit photos can have far-reaching consequences for the subjects.
For others,leaked photos may share information about affairs or even vacations that need to remain secret.
Geotags in data can easily lead to more sensitive information about a user.
How We Discovered the Breach
We discovered the leak in Theta360’s database through ourweb-mapping project.
Led by Ran and Noam, the research team scans ports to look for known IP blocks.
They then use this information to find open holes in the company’s web systems.
They can then look for leaks and other weaknesses.
If possible, we also alert the affected users.
This way, we can work with companies tomake the internet safer and more secure.
About Us and Previous Reports
vpnMentoris the worlds largest VPN review website.
We recently discovered a hugedata breach impacting 80 million US households.
Pleaseshare this report on Facebookortweet it.
yo, comment on how to improve this article.
