{"id":3057,"date":"2025-12-12T16:29:58","date_gmt":"2025-12-12T16:29:58","guid":{"rendered":"https:\/\/microvibenews.com\/?p=3057"},"modified":"2025-12-12T16:29:58","modified_gmt":"2025-12-12T16:29:58","slug":"flaw-in-photo-booth-makers-website-exposes-customers-pictures","status":"publish","type":"post","link":"https:\/\/microvibenews.com\/?p=3057","title":{"rendered":"Flaw in photo booth maker\u2019s website exposes customers\u2019 pictures"},"content":{"rendered":"<p><br \/>\n<\/p>\n<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">A company that makes photo booths is exposing pictures and videos of its customers online thanks to a simple flaw in its website where the files are stored, according to a security researcher.\u00a0\u00a0<\/p>\n<p class=\"wp-block-paragraph\">The researcher, who goes by Zeacer, alerted TechCrunch to the security issue in late November after reporting the vulnerability in October to <a rel=\"nofollow\" href=\"https:\/\/hamafilm.com.au\/\">Hama Film<\/a>, the photo booth maker that has franchise presence in Australia, the <a rel=\"nofollow\" href=\"https:\/\/www.instagram.com\/hamakono_dubai\/?hl=en\">United Arab Emirates<\/a>, and the <a rel=\"nofollow\" href=\"http:\/\/www.usahamafilm.com\/#franchise\">United States<\/a>, but did not hear back.<\/p>\n<p class=\"wp-block-paragraph\">Zeacer shared with TechCrunch a sample of pictures taken from Hama Film\u2019s servers, which showed groups of clearly young people posing in photo booths. Hama Film\u2019s booths not only print out the photos like a typical photo booth, but booths also upload the customers\u2019 photos to the company\u2019s servers.<\/p>\n<p class=\"wp-block-paragraph\">Vibecast, which owns Hama Film, has yet to respond to his messages alerting the company of the issues. Vibecast also hasn\u2019t responded to several requests for comment from TechCrunch, nor did Vibecast\u2019s co-founder Joel Park respond to a message we sent via Linkedin.<\/p>\n<p class=\"wp-block-paragraph\">As of Friday, the researcher said the company has still not fully resolved the security flaw and continues to expose customers\u2019 data. As such, TechCrunch is withholding specific details of the vulnerability from publication.<\/p>\n<p class=\"wp-block-paragraph\">When Zeacer first found this flaw, he noted that it appeared that photos were deleted from the photo booth maker\u2019s servers every two to three weeks.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Now, he said, the pictures stored on the servers appear to get deleted after 24 hours, which limits the number of pictures exposed at any given time. But a hacker could still exploit the vulnerability he discovered each day and download the contents of every photo and video on the server.\u00a0<\/p>\n<div class=\"wp-block-techcrunch-inline-cta\">\n<div class=\"inline-cta__wrapper\">\n<p>Techcrunch event<\/p>\n<div class=\"inline-cta__content\">\n<p>\n\t\t\t\t\t\t\t\t\t<span class=\"inline-cta__location\">San Francisco<\/span><br \/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"inline-cta__separator\">|<\/span><br \/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"inline-cta__date\">October 13-15, 2026<\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\n<p class=\"wp-block-paragraph\">Before this week, Zeacer said at one point he saw more than 1,000 pictures online for the Hama Film booths in Melbourne.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">This incident is the latest example of a company that, at least for a time, was not implementing certain basic and widely accepted security practices, such as rate-limiting. Last month, <a href=\"https:\/\/techcrunch.com\/2025\/11\/26\/bug-in-jury-systems-used-by-several-us-states-exposed-sensitive-personal-data\/\">TechCrunch reported that government contractor giant Tyler Technologies<\/a> was not rate-limiting its websites used for allowing courts to manage their jurors\u2019 personal information. This meant anyone could break into any juror\u2019s profile by running a computer script capable of mass-guessing their date of birth and their easy-to-guess numerical identifier.\u00a0<\/p>\n<\/div>\n<p><script async src=\"\/\/www.instagram.com\/embed.js\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/techcrunch.com\/2025\/12\/12\/flaw-in-photo-booth-makers-website-exposes-customers-pictures\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A company that makes photo boo&hellip; <\/p>\n","protected":false},"author":1,"featured_media":3058,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[249],"tags":[1662,459,1665,3144,3145,3146],"_links":{"self":[{"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/posts\/3057"}],"collection":[{"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/microvibenews.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3057"}],"version-history":[{"count":0,"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/posts\/3057\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/microvibenews.com\/index.php?rest_route=\/wp\/v2\/media\/3058"}],"wp:attachment":[{"href":"https:\/\/microvibenews.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3057"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/microvibenews.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3057"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/microvibenews.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3057"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}