CATEGORIES
home News

Photobucket Hacker Devs Arrested For Stealing Private Photos, Passwords From Users

by Rob WilliamsSaturday, May 09, 2015, 02:00 PM EDT

The market may be filled to the brim with image and video sharing websites, but one of the oldest ones, Photobucket, still proves to be a popular choice. As we're now finding out, though, it's a choice you may want to reconsider if you have an account with the service.

The US Department of Justice yesterday announced the arrest of two men responsible for developing and marketing software that would allow people to gain access to private photos attached to Photobucket user accounts. The software utilized a legitimate technique called 'Fusking', which enables you to fetch URLs en masse that follow a specific pattern; eg: IMG_1[1-999].jpg. A fetching method like this would be useless on most sites, but not Photobucket, thanks to its subpar security implementations.

Photobucket

The problem stems from the fact that Photobucket doesn't change the name of images uploaded to the service, and it also doesn't require a password for images that are directly linked, even if they reside in an album that does require a password. If someone links you to an image on their Photobucket account that looks like it could be part of a range, then all a user has to do is guess different URLs. For example, if IMG_1234.jpg exists, then IMG_1235.jpg could, too.

What a tool like the aforementioned one could do is let the user specify a Photobucket account, and let the program take over - it'd run through a variety of common image names and see what it can pull. It goes without saying that many on Photobucket probably have images uploaded to the service that they'd like to keep private, and only because of the service's horrible security practices, they wouldn't be very private at all.

For their actions, the creators of this Photobucket-specific tool are being charged with conspiracy, computer fraud, aid and abet, and access device fraud.

If Photobucket's horrendous security has rubbed you the wrong way, I'd recommend giving Imgur a try, as it's a simple service that has no storage limits. Alternatively, you may also want to consider cloud services, such as Google Drive, Dropbox, or OneDrive. Those may not be as convenient, but they'll prove far more secure.

Tags:  security, DoJ, photobucket
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment