recommended reading

Threatwatch

Kylie Jenner Lip Kit Website Exposed Customer Data

Accidentally leaked credentials; Software vulnerability

The cosmetics website of the Kardashian sister has been inadvertently leaking personal information to other clients. 

Here's how the situation played out: When someone tried to log into the site, it sent them to an existing customer's account, revealing names, email addresses, personal addresses, order history, etc. Every time a customer refreshed the site, it sent them to another customer's account.

Customers of Kylie Cosmetics complained to her people. Her staff had no idea it was happening, and just made a quick, temporary fix, TMZ reported on Monday, April 11. 

"A lot of people could have had their info compromised, because Monday was restock day for Kylie's Lip Kit -- which sold out immediately with over a million kits bought," according to TMZ.

sector

Web Services; Retailer

reported

April 11, 2016

reported by

TMZ

number affected

Unknown

location of breach

Unknown

perpetrators

Unknown

location of perpetrators

Unknown

date breach occurred

Unknown

date breach detected

Unknown