Viral ‘Twinning’ app from Popsugar matches selfies with celebrities … and exposed personal photos

Over the last few days, a Twinning app from Popsugar has gone viral across various social media platforms. Essentially, the service allows you to snap a selfie and get an instant result showing which celebrity you look like most. As it turns out, somewhat unsurprisingly, privacy wasn’t necessarily a focus for Popsugar when developing the Twinning app…

As first discovered by TechCrunch, all of the selfies uploaded to the Twinning web app were easily downloadable by people who knew where to look. Popsugar has since resolved the issue, but not until TechCrunch’s article was published.

Essentially, the images are kept inside of a storage bucket hosted on Amazon Web Services. The URL of the storage bucket was located in the code of the Twinning app’s website, which TechCrunch was able to discover. From there, they simply opened the link in a web browser and could see a real-time stream of photos being uploaded.

We verified the findings by uploading a dummy photo of a certain file size at a specific time. Then, we scraped a list of filenames uploaded during that time period from the bucket’s web address, downloaded them, and found our uploaded image by searching for that photo of a certain file size.

After the flaw was initially exposed, Popsugar confirmed that the issue had been resolved, with the company explaining that “the bucket permissions weren’t set up correctly” on the Twinning web app.
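The article does not say whether the misconfiguration was in the bucket policy or the bucket ACL, so the following added example (not code from Popsugar, TechCrunch or 9to5Mac) audits both for anonymous list and read access. The bucket name, account ID, role name and sample documents are constructed for illustration.

```python
import fnmatch
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
RISKY = ("s3:ListBucket", "s3:GetObject")  # list the bucket, download objects

# Constructed sample documents, not Popsugar's real configuration.
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-selfie-uploads",
                 "arn:aws:s3:::example-selfie-uploads/*"]}]})
FIXED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-app"},
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::example-selfie-uploads/*"}]})
WEAK_ACL = {"Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS},
                        "Permission": "READ"}]}
FIXED_ACL = {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
                         "Permission": "FULL_CONTROL"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "Principal": "*" and {"AWS": "*"} both match any caller, signed in or not.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def anonymous_access(policy_json, acl):
    """Return sorted findings for anonymous list/read access to one bucket."""
    findings = set()
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        if "Condition" in stmt:  # may be narrowed (e.g. by source IP); flag for a human
            findings.add("policy: conditional public statement, review manually")
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            for action in RISKY:  # action names are case-insensitive, wildcards allowed
                if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                    findings.add(f"policy: anonymous {action}")
    for grant in acl.get("Grants", []):
        if (grant.get("Grantee", {}).get("URI") == ALL_USERS
                and grant.get("Permission") in ("READ", "FULL_CONTROL")):
            findings.add("acl: AllUsers can list the bucket")
    return sorted(findings)
```

The two arguments have the same shape as the `Policy` string returned by boto3's `get_bucket_policy` and the response of `get_bucket_acl`, so the function can be run against the buckets in your own account.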

This isn’t necessarily the most damning security flaw, as when you receive the final comparison image, your selfie is placed right alongside the celebrity with which you matched. As TechCrunch explains, however, this is yet another example of a viral app’s lax security serving as a warning for using such tools.

But like any free app, quiz or some viral web tool, it’s worth reminding that you’re still putting your information out there — and you can’t always get it back. Worse, you almost never know how secure your data will be, or how it might end up being used — and abused — in the future.

Have you tried out the viral Twinning web app? Let us know down in the comments.



Author

Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.
