DIY Photography

Your one stop shop for everything photo-video

Search

Submit A Story

Millions of private photographs leaked in Ricoh Theta360 data breach

by 2 Comments

vpnMentor reports that its research team discovered that Theta360’s photo-sharing platform has suffered something of a pretty major data breach. The leak, they say, has exposed at least 11 million public and private photographs on the system.

They say that while most personal information was not released, usernames, first and last names along with the captions were exposed in the database alongside the images. Images that many users had chosen to keep private.

The data breach exposed thousands of users’ photos, many of whom chose to keep their images private. The breach did not expose users’ most personal information, but in many cases, we located their usernames, first and last names, and the captions they wrote in the exposed database.

We couldn’t directly access users’ social media accounts through Theta360’s system.

– vpnMentor

On spotting the issue, vpnMentor says that things were resolved very quickly. The leak was discovered by them on May 14th, reported to Theta360 on the 15th, and the leak was closed on the 16th. The Theta360 photo sharing platform is run by Ricoh, the company that makes the Theta line of 360° cameras, as well as Pentax cameras.

Despite the hole being closed quickly after discovery, who knows how long the flaw existed before it was spotted? As vpnMentor points out, there are far-reaching privacy issues on a breach like this. Many people choose to keep certain images of children and family private. Many of them may be GPS tagged. Then there are those photos that people might only shoot for the person they’re… “involved with”. Yeah, nobody wants those getting out there or being blackmailed to prevent it from happening. And then there’s all the usual identity theft stuff that privacy advocates warn about every time there’s a big data breach.

The Theta360 platform is now patched and the hole is filled, so your data is safe…ish. That is to say that people can’t get into it when they’re not supposed to anymore. But there’s no telling whether your private images were accessed while the system was still vulnerable.

You can read more about it on vpnMentor and get some insight into exactly how it worked. But just remember one thing, folks, there’s no such thing as private on the Internet. If it’s out there, then somebody can get to it. So, you have something that really is private, don’t store it online. No matter how safe you think it is.

[via vpnMentor]

Related posts:

Unsecured database exposes private data of millions of Instagram influencers 500px demands users reset their passwords after data breach Adobe data breach exposed almost 7.5 million Creative Cloud accounts to the public These are the photo editing apps that are collecting and tracking your private data
John Aldred: from diyphotography.net

About John Aldred

John Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter - and occasional beta tester - of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.

Free Resources

Advanced lighting book

Recent Posts