What happened with Hama Film's photo booths?

A security flaw on Hama Film's website exposed customer photos and videos online, which were stored on the company's servers.

How long were Hama Film customer photos exposed?

The exposure continued for weeks after the vulnerability was reported, with data deletion times reducing from weeks to 24 hours.

Did Vibecast respond to the Hama Film data issue?

Vibecast, Hama Film's owner, and its co-founder have not yet responded to alerts about the security flaw or requests for comment.

Home / Technology / Photo Booth Pics Exposed Online by Simple Flaw

Photo Booth Pics Exposed Online by Simple Flaw

12 Dec

•

Summary

Photo booth company Hama Film exposed customer photos online.
A security flaw allowed easy access to private customer images.
Data exposure continued for weeks before partial fixes.

Photo Booth Pics Exposed Online by Simple Flaw

A significant security vulnerability has been discovered in the systems of Hama Film, a photo booth company with operations in Australia, the UAE, and the United States. A security researcher known as Zeacer reported that a flaw in the company's website allowed for the public exposure of customer photos and videos stored on their servers. Zeacer first alerted Hama Film and its parent company, Vibecast, in late November, but initial responses were not forthcoming.

The vulnerability allowed for potentially wide-scale access to intimate customer moments captured within the photo booths. While the company has since implemented measures that reduce the exposure window for new photos to approximately 24 hours, the researcher noted that a persistent daily exploitation of the flaw could still lead to the download of all current server contents. Previously, over a thousand images from booths in Melbourne alone were found to be accessible online.