'Photofucket' devs arrested for selling their pic-stealing app

Photobucket image hosting website

Years before stolen pictures of celebs hit the internet in a massive bundle, news that Reddit posters were searching for private photos popped up under the term “fusking.” As detailed by Buzzfeed in August of 2012, Reddit channels were dedicated to using a security flaw in Photobucket.com to search for pictures posted in private folders. If anyone on the internet knew (or could guess) a private photo’s direct URL it was visible, and guessing the default filename of digital photos isn’t very difficult. Today the US Department of Justice is announcing the arrest of two men for selling “Photofucket” software that it says stole guest passwords for protected albums and sought out those private pictures.

Brandon Bourret of Colorado and Athanasios Andrianakis of Californias are facing charges of “computer fraud and abuse, access device fraud, identification document fraud and wire fraud.” Access device fraud carries the longest potential penalty, with up to ten years in federal prison and a $250k fine per count. According to the indictment (PDF), evidence against Bourret and Andrianakis includes emails they sent discussing exploits, customer service messages to Photofucket buyers, and Paypal transfers to fund the operation.

Back in 2012, many users of the picture sharing site — who may have uploaded photos years earlier for sharing on early social networks like Myspace or Friendster — had no idea that marking a folder private only hid the folder. At the time Photobucket announced that all new accounts would have their links scrambled by default, as well as an option to scramble links for existing users. It’s unclear if that helped stem the tide of the hackers for those who even knew about it, and the originally revealed Reddit channels are marked private now. Investigation of the breach and the accounts that were accessed is ongoing, but if you have any old albums gathering dust it’s probably well past time to up their protection or delete them entirely.

[Image credit: NetPhotos / Alamy]

Filed under:

Comments

Source: US Department of Justice

Source: Engadget - Read the full article here

Author: Daily Tech Whip

This article is part of our 'News Tiles' service. The site is currently in Beta. When it is fully operational you will be able to search through and arrange the 'Tiles' to display a keyword, product or technology over your chosen time period. For example you would be able to display all of the leading tech articles on the new Kindle Fire, in one spot in real time. You will also have access to our own original reporting and analysis as well as a polished place to post your own thoughts & reviews here, amongst the Daily Tech Whip Community. Please let us know if you have any feedback via the contact form or via Twitter. Don't forget to come back next week and see our full site and claim your name and your own free tech blog.

Share This Post On