Photo Booth Company Leaks Customers’ Drunken Wedding Photos
A recent security breach involving a photo booth company has raised concerns about data privacy at social gatherings. Curator Live, which provides services for weddings and other events, inadvertently exposed a significant number of personal photos and associated data.
Details of the Data Exposure
The breach was uncovered by a security researcher who alerted 404 Media to the situation. It was revealed that Curator Live has stored approximately 100GB of images and personal information, including phone numbers, in an insecure manner. This situation highlights the risks of data collection at events that many consider harmless.
Key Observations
- Photos included images from weddings and engagement parties.
- Some images contained children and even related to a NASA-branded event.
- The researcher noted that intimate pictures could potentially be revealed to unauthorized viewers.
How the Breach Occurred
According to the researcher, the issue was discovered during a wedding event. A photo booth provided by Curator Live prompted users to input their phone numbers to receive digital copies of their images. Upon entering his number, the researcher received a link to the company’s API, which led to the discovery of the exposed data.
The researcher reached out to Curator Live in November to report the security flaw but received no response. “Fix your shit,” was among the comments he made in his email, reflecting the urgency of the situation.
Implications for Customers
This breach raises serious questions about the privacy expectations of customers at events like weddings. Users often assume that their photos and associated data are secure, but third-party companies may not always uphold these expectations. The security researcher emphasized:
“Even if you just wanted the printed photo, your data is being held by a third party unbeknownst to you.”
Curator Live’s Response
Despite repeated attempts to contact Curator Live for comment, the company has not responded to inquiries from 404 Media. This lack of engagement leaves many questions unanswered regarding their data protection practices and the measures they will take to remedy the situation.
This incident is not isolated; another photo booth company faced similar issues last December, indicating a broader trend in data vulnerability within the industry.
As the situation stands, it’s crucial for consumers to remain cautious when sharing personal information with third-party services, even in seemingly relaxed environments like weddings.
