At least 11 million public and private photographs were found on an unsecured database connected to an online photo sharing service.
Researchers from VPNMentor discovered an online database that they traced back to Theta360, a photo service specializing in panoramic photos taken with Ricoh-brand cameras. The unsecured data contained photographs, usernames, full names, and photo captions, including those marked by users as private.
“We take the security of customer information extremely seriously. It’s important to note that before the resolution, further steps beyond accessing the records would have been necessary and would require a deeper level of expertise to ultimately view the images. Today, private photos are only accessible to those with a direct link, a design feature that is intended to allow customers to share their images,” said Ricoh spokesperson John Greco.
The leaked data was initially indexed by IoT-centric search engine Shodan on May 9, was discovered May 14, and taken offline May 16.
“We want to note that Theta360’s response to our discovery was the most professional of any company that we’ve contacted about a leak,” stated the official VPNMentor blog. “They quickly and efficiently closed the breach to protect their users.”