Kardashian-Jenner Sisters' New Websites Have a Massive Security Flaw Nearly 900,000 users' data was exposed.

By Robert Hackett

This story originally appeared on Fortune Magazine

Trying to keep your Kardashian obsession under wraps?

If you're one of the super-fans who quickly subscribed to one of the Kardashian or Jenner sisters' newly launched websites, which arrived alongside $2.99-per-month mobile apps, then we've got some bad news. You may have inadvertently given yourself away.

A flaw in the design of the sister sites has reportedly exposed the personal information—including first and last names as well as email addresses—of 891,240 users.

A 19-year-old developer by the name of Alaxic Smith discovered the security issue and wrote about his findings on Medium, the publishing platform, earlier this week. (Soon after taking his results public, he removed the post. You can read an archived version of the article through this cached Google web page here.)

In a nutshell, Smith poked around the site until he eventually discovered an unsecure API—application programming interface, a kind of computer code that allows third parties to use proprietary data—containing users' partial login information. "Initially, I thought that this was some page filled with dummy data, but as I started to look closer, I realized it wasn't," he wrote. "I now had access to the first names, last names, and email addresses of the 663,270 people who signed up for Kylie Jenner's website."

It didn't take long for Smith to test the same trick across each website. And it worked each time.

The sites, crafted by Whalerock Industries, a software development firm, all bore the same vulnerability. So what affected thekyliejenner.com equally impacted kimkardashianwest.com, khloewithak.com, and kendallj.com. (At the time of publication,kourtneykardashian.com has yet to debut.)

Worse still? Smith discovered that he could manipulate data on each site. "I also had the ability to create/destroy users, photos, videos, and more," he wrote.

Whalerock has since patched the computer bugs. The company released a statement about the flub to the tech news site TechCrunch on Wednesday.

Shortly after launch we were alerted that there was an open Api. It was promptly closed. Our logs indicate that the author of the blog post was able to access only a limited set of names and email addresses. Our logs further indicate no one else had access and that no passwords nor payment data of any kind was exposed. Our highest priority is the security of our customers' data.

An interesting corollary to the security issue involves the inferred popularity of each high-profile celebrity, as gleaned from the data Smith was able to collect regarding new user enrollments. (Caveats: Fortune has no way of verifying the legitimacy of this information, let alone confirming that it is the complete.)

According to the data, Kylie Jenner wins by a mile—though we already suspected that might be the case. Her star has risen precipitously in the past year or so.

Earlier this summer, hackers leaked user databases from the infidelity site Ashley Madison. The data dumps threatened to expose the identities of presumably philanderous spouses, leading to extortion schemes, potential divorces, even alleged suicides. To be sure, the Kardashian-Jenner website gaffe is a far less grave situation.

The Kim Kardashian West website's tagline is "unlock my world." Guess it didn't take much to do so.

Robert Hackett is a writer at Fortune, writing frequently about technology.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Business News

JPMorgan Shuts Down Internal Message Board Comments After Employees React to Return-to-Office Mandate

Employees were given the option to leave comments about the RTO mandate with their first and last names on display — and they did not hold back.

Growing a Business

Entrepreneurs Should Invest in Service, Not Just Sales — Here's How to Build a Customer-First Business

A customer-first business strategy that prioritizes exceptional service, empowers employees and leverages feedback can transform satisfied customers into loyal advocates, driving sustainable, long-term growth.

Business Ideas

70 Small Business Ideas to Start in 2025

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2025.

Business News

'More Soul-Crushing Than Ever': Popular Hiring Platform Finds Around 20% of Its Postings Were 'Ghost Jobs'

Is that job listing too good to be true? There's a one-in-five chance that it might be.

Growing a Business

5 Risk-Taking Lessons From Founders Who Bet Big and Won

Discover the bold moves and strategic risks that catapulted these entrepreneurs to success. Learn how their fearless decisions can inspire your own path to growth.

Business News

'Masculine Energy Is Good': Mark Zuckerberg Tells Joe Rogan He Thinks Companies Need More Aggression

On the most recent episode of "The Joe Rogan Experience," Meta CEO Mark Zuckerberg said corporate culture has become "neutered."