- A glitch on Hama Film’s website exposed photo booth images from the US, UAE and Australia to anyone who knew where to look.
- Researchers viewed more than 1,000 images of Melbourne stands and say the photos were accessible for up to 24 hours.
- Even short-term exposure allows for identity abuse: fake profiles, scams, bypassing selfie controls, and building synthetic identities.
A popular photo booth chain located in the US, UAE and Australia has been found to store all of its image data on a server that can be (easily) accessed via the device manufacturer’s website, essentially exposing people’s identities to potentially malicious players, experts have warned.
Cybersecurity researcher alias Zeacer said TechCrunch At that time, they were able to see more than 1,000 photographs of the Melbourne stands.
Zeacer reached out to Hama Film to notify it of the vulnerability on its website, but received no response, forcing the researcher to contact the media and share a sample of photographs taken from the company’s servers that showed groups of clearly young people posing in photo booths.
Thousand photos exposed
While this definitely limits the number of images exposed at any given time, a particularly persistent attacker (or one who automates their work) could still download all the photos that pass through the infrastructure.
Once hackers obtain these photos, the potential for abuse multiplies quickly. Clear facial images can be used to create convincing fake profiles on social media, which are then used as a weapon for romance scams, investment fraud, or social engineering attacks.
Cybercriminals can use stolen photos to pass basic identity checks, register for online services or bypass weak “selfie verification” systems. In some cases, they can even be combined with leaked personal data to apply for jobs, open accounts, or create synthetic identities.
Even if we ignore the obvious question: why would a photo booth store these images anywhere? It’s also worth mentioning that the images do not appear to be stored permanently.
Zeacer’s initial investigation determined that photos are deleted every two to three weeks, but he later said that they are actually deleted after 24 hours.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
