DataBreaches.net

The Office of Inadequate Security


Report: Theta360 Leak Potentially Exposed Millions of Users’ Public and Private Photographs

Posted on June 3, 2019 by Dissent

VPNMentor reports that their research team has discovered that Theta360 inadvertently left users’ photos — even those intended to be private — exposed.

The leak exposed at least 11 million public and private photographs.

The data breach exposed thousands of users’ photos, many of whom chose to keep their images private. The breach did not expose users’ most personal information, but in many cases, we located their usernames, first and last names, and the captions they wrote in the exposed database.

Read more about their findings and methods on VPNMentor. It’s not clear from their reporting whether any unauthorized entities accessed and/or exfiltrated data, but the report claims that it was possible to access not only private profiles but also private photos:

The final example below demonstrates the extent to which the leak compromised users’ privacy. Here, the user chose to mark their account as unlisted. This should have masked their presence on Theta360. The account was not only visible on the database, but we could also access the user’s private pictures.

Ricoh posted the following statement on their web site on May 31. It appears to suggest that accessing private photos may not have been as easy as VPNMentor’s post might have suggested:

Notification regarding unlisted images on Theta360.com

May. 31, 2019

Ricoh was recently notified of a configuration issue related to unlisted images on the Theta360.com website and corrected it within hours. We can confirm that our immediate remediation measures are now complete.  However, it is important to note that prior to remediation, unlisted images were not directly viewable. Someone would have needed the technical knowledge and the desire to locate the other components required to complete the URL providing access.

We take the security of customer information extremely seriously. In today’s rapidly evolving business environment, Ricoh continually reviews protocols and optimizes security to ensure the safety of all the information contained on theta360.com.
