Skip to main content

Security lapse exposed private Theta photos

Millions of photos taken by Theta camera owners — some private and unlisted — were left exposed after security researchers found an open database without a password.

Noam Rotem and Ran Locar found the leaky database and reported the exposure to Ricoh, which secured the database within a day. The printing tech giant has sold thousands of the 360-degree camera since the device’s debut in 2014. Users can upload and share their photos and videos to the cloud using the camera.

But that cloud database that was left wide open, said Rotem and Locar, who also wrote up their findings. Anyone with access to the database could have easily accessed any of the 11 million photos stored online.

The researchers shared a sample of the data with TechCrunch to verify. We were able to easily access private and unlisted photos uploaded to Ricoh’s website by transplanting the unique file identifier found in the database into the cloud storage server’s web address.

In some cases the user’s name and captions were also viewable.

One of the 360-degree Theta cameras manufactured by Ricoh. (Image: Andreas Rentz/Getty Images)

When asked, Ricoh spokesperson John Greco did not dispute the researchers’ 11 million figure, but confirmed the exposure: “Ricoh was recently notified of this configuration issue and corrected it within hours.”

“We take the security of customer information extremely seriously. It’s important to note that before the resolution, further steps beyond accessing the records would have been necessary and would require a deeper level of expertise to ultimately view the images. Today, private photos are only accessible to those with a direct link, a design feature that is intended to allow customers to share their images,” said Greco.

Although the database is inaccessible, the photos can still be accessed — including private and unlisted photos — if the web address is known.

Rotem and Locar called the exposure a “major privacy breach.”

Ricoh didn’t say for how long the database was exposed. The build date of the database suggests it was created on April 1. But Shodan, a database for exposed devices and databases, first spotted the database on May 9.

The researchers discovered the exposure over a month later on May 14, but praised the company for its quick remediation.

Read more:



from TechCrunch https://tcrn.ch/2HKHSaE
via IFTTT
Labels:

Comments

Post a Comment

Popular posts from this blog

Apple’s AI Push: Everything We Know About Apple Intelligence So Far

Apple’s WWDC 2025 confirmed what many suspected: Apple is finally making a serious leap into artificial intelligence. Dubbed “Apple Intelligence,” the suite of AI-powered tools, enhancements, and integrations marks the company’s biggest software evolution in a decade. But unlike competitors racing to plug AI into everything, Apple is taking a slower, more deliberate approach — one rooted in privacy, on-device processing, and ecosystem synergy. If you’re wondering what Apple Intelligence actually is, how it works, and what it means for your iPhone, iPad, or Mac, you’re in the right place. This article breaks it all down.   What Is Apple Intelligence? Let’s get the terminology clear first. Apple Intelligence isn’t a product — it’s a platform. It’s not just a chatbot. It’s a system-wide integration of generative AI, machine learning, and personal context awareness, embedded across Apple’s OS platforms. Think of it as a foundational AI layer stitched into iOS 18, iPadOS 18, and m...
Post a Comment
Read more

The Silent Revolution of On-Device AI: Why the Cloud Is No Longer King

Introduction For years, artificial intelligence has meant one thing: the cloud. Whether you’re asking ChatGPT a question, editing a photo with AI tools, or getting recommendations on Netflix — those decisions happen on distant servers, not your device. But that’s changing. Thanks to major advances in silicon, model compression, and memory architecture, AI is quietly migrating from giant data centres to the palm of your hand. Your phone, your laptop, your smartwatch — all are becoming AI engines in their own right. It’s a shift that redefines not just how AI works, but who controls it, how private it is, and what it can do for you. This article explores the rise of on-device AI — how it works, why it matters, and why the cloud’s days as the centre of the AI universe might be numbered. What Is On-Device AI? On-device AI refers to machine learning models that run locally on your smartphone, tablet, laptop, or edge device — without needing constant access to the cloud. In practi...
1 comment
Read more

Max Q: Psyche(d)

In this issue: SpaceX launches NASA asteroid mission, news from Relativity Space and more. © 2023 TechCrunch. All rights reserved. For personal use only. from TechCrunch https://ift.tt/h6Kjrde via IFTTT
Post a Comment
Read more