Millions of private photographs leaked in Ricoh Theta360 data breach

Jun 6, 2019

John Aldred

John Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter – and occasional beta tester – of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.

Millions of private photographs leaked in Ricoh Theta360 data breach

Jun 6, 2019

John Aldred

John Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter – and occasional beta tester – of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.

Join the Discussion

Share on:

vpnMentor reports that its research team discovered that Theta360’s photo-sharing platform has suffered something of a pretty major data breach. The leak, they say, has exposed at least 11 million public and private photographs on the system.

They say that while most personal information was not released, usernames, first and last names along with the captions were exposed in the database alongside the images. Images that many users had chosen to keep private.

The data breach exposed thousands of users’ photos, many of whom chose to keep their images private. The breach did not expose users’ most personal information, but in many cases, we located their usernames, first and last names, and the captions they wrote in the exposed database.

We couldn’t directly access users’ social media accounts through Theta360’s system.

– vpnMentor

On spotting the issue, vpnMentor says that things were resolved very quickly. The leak was discovered by them on May 14th, reported to Theta360 on the 15th, and the leak was closed on the 16th. The Theta360 photo sharing platform is run by Ricoh, the company that makes the Theta line of 360° cameras, as well as Pentax cameras.

Despite the hole being closed quickly after discovery, who knows how long the flaw existed before it was spotted? As vpnMentor points out, there are far-reaching privacy issues on a breach like this. Many people choose to keep certain images of children and family private. Many of them may be GPS tagged. Then there are those photos that people might only shoot for the person they’re… “involved with”. Yeah, nobody wants those getting out there or being blackmailed to prevent it from happening. And then there’s all the usual identity theft stuff that privacy advocates warn about every time there’s a big data breach.

The Theta360 platform is now patched and the hole is filled, so your data is safe…ish. That is to say that people can’t get into it when they’re not supposed to anymore. But there’s no telling whether your private images were accessed while the system was still vulnerable.

You can read more about it on vpnMentor and get some insight into exactly how it worked. But just remember one thing, folks, there’s no such thing as private on the Internet. If it’s out there, then somebody can get to it. So, you have something that really is private, don’t store it online. No matter how safe you think it is.

[via vpnMentor]

Filed Under:

Tagged With:

Find this interesting? Share it with your friends!

John Aldred

John Aldred

John Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter – and occasional beta tester – of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.

Join the Discussion

DIYP Comment Policy
Be nice, be on-topic, no personal information or flames.

Leave a Reply

Your email address will not be published. Required fields are marked *

2 responses to “Millions of private photographs leaked in Ricoh Theta360 data breach”

  1. ShishkaBerry Avatar
    ShishkaBerry

    If you’re stupid enough to put your nudes on a cloud server in 2019 then you kind of get what you deserve.

  2. panikmedia Avatar
    panikmedia

    Somewhere Ben Claremont is losing his mind.