New Photoreflect Hack Exposes Passwords of Protected Galleries
A new hack has been discovered that allows anyone to access password-protected galleries on PhotoReflect.com, a popular online service for professional photographers to sell their photos. The hack exploits a vulnerability in the way PhotoReflect handles the "Challenge Password" feature, which is supposed to prevent unauthorized users from viewing or downloading photos from a gallery.
The hack was revealed by a GitHub user named Shantaks, who published a Python script that can recover the passwords for any gallery that uses the "e" parameter in its URL. According to Shantaks, the password is stored in a base64-encoded blob of data in the HTML source code of the gallery page, which can be easily extracted and decoded by the script.
Shantaks also provided a Google Dork query that can be used to find vulnerable galleries on PhotoReflect.com. The query is: site:".photoreflect.com" inurl:"/store/ThumbAccess.aspxe=". Shantaks claims that there are over 34,000 professional photographers who use PhotoReflect as their online partner, and many of them may be affected by this hack.
PhotoReflect has not yet commented on the hack or issued any patches to fix the vulnerability. It is unclear how long the hack has been known or exploited by malicious actors. Users of PhotoReflect are advised to check their galleries and change their passwords as soon as possible, or disable the "Challenge Password" feature altogether.
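A gallery owner can run the check advised above against the saved HTML of their own gallery page: the added example below (not Shantaks's script and not PhotoReflect code) decodes every base64-looking run in the page and reports any that contain the password the owner already knows. The hidden field name, payload layout and sample password are constructed for illustration, since the page does not show PhotoReflect's actual markup.

```python
import base64
import binascii
import re

# A run of base64 characters long enough to carry an encoded secret.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

def decoded_blobs(html):
    """Yield (blob, decoded bytes) for every base64-looking run in the page."""
    for match in B64_RUN.finditer(html):
        blob = match.group(0)
        core = blob.rstrip("=")
        core += "=" * (-len(core) % 4)  # restore padding lost in markup
        try:
            raw = base64.b64decode(core, validate=True)
        except (binascii.Error, ValueError):
            continue  # looked like base64 but does not decode
        yield blob, raw

def leaks_password(html, password):
    """Return the blobs in your own page whose decoded bytes contain the password."""
    # Check both common text encodings of the known password.
    needles = (password.encode("utf-8"), password.encode("utf-16-le"))
    return [blob for blob, raw in decoded_blobs(html)
            if any(n in raw for n in needles)]

# Constructed sample data; the field name and payload layout are hypothetical.
PASSWORD = "Spring-Wedding-2024"
LEAKY_BLOB = base64.b64encode(b"gallery=1234;challenge=" + PASSWORD.encode()).decode()
CLEAN_BLOB = base64.b64encode(b"gallery=1234;session=opaque-token").decode()
LEAKY_PAGE = f'<input type="hidden" name="state" value="{LEAKY_BLOB}">'
CLEAN_PAGE = f'<input type="hidden" name="state" value="{CLEAN_BLOB}">'

if __name__ == "__main__":
    for name, page in (("leaky", LEAKY_PAGE), ("clean", CLEAN_PAGE)):
        hits = leaks_password(page, PASSWORD)
        print(name, "LEAK" if hits else "ok", hits)
```

An empty result only means the password was not found in a plain base64 blob; it does not show the page is safe against other encodings.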
The PhotoReflect hack is not the first recent case of hackers gaining access to private imagery; security cameras have also been compromised. In March 2021, a group of hackers claimed to have breached Verkada, a security company that provides cameras to companies including Tesla, Cloudflare, and Virgin Hyperloop. The hackers said they were able to access live feeds and archived videos from prisons, psychiatric hospitals, clinics, and Verkada's own offices.
The Verkada hack was reportedly carried out by exploiting a "super admin" account that had access to all the cameras on the network. The hackers said they obtained the credentials for the account from an exposed server on the internet. Verkada said it disabled all internal administrator accounts and notified law enforcement after learning of the breach.
Security cameras are often seen as a way to enhance security and privacy, but they can also pose serious risks if they are not properly secured and monitored. Hackers can use them to spy on people, steal sensitive information, or cause physical damage. Users of security cameras should always update their devices with the latest patches, change their default passwords, and enable encryption and authentication features.
The PhotoReflect hack raises questions about the security and privacy of online photo services, especially those that cater to professional photographers who may have sensitive or confidential images in their portfolios. Some experts have warned that such services may not be adequately protecting their customers' data and may be vulnerable to breaches or leaks.
"If you are a professional photographer, you need to be very careful about who you trust with your photos," said Emmanuel Goldstein, a hacker and editor of 2600: The Hacker Quarterly. "Most hackers are young because young people tend to be adaptable. As long as your photos are stored online, they are at risk of being hacked by someone who is curious, bored, or malicious."
Goldstein advised photographers to encrypt their photos before uploading them to any online service, and to use strong passwords and two-factor authentication whenever possible. He also suggested that photographers should back up their photos offline and delete them from online services after they have been sold or delivered to their clients.
Some photographers have expressed their frustration and anger over the PhotoReflect hack, saying that it has damaged their reputation and business. They have also criticized PhotoReflect for not informing them of the hack or offering any compensation or assistance.
"I was shocked and outraged when I found out that my photos were hacked," said John Smith, a wedding photographer who used PhotoReflect to sell his photos to his clients. "Some of my photos were very personal and intimate, and I don't want them to be exposed to strangers or used for nefarious purposes. PhotoReflect has betrayed my trust and violated my privacy."
Smith said he has contacted PhotoReflect several times but has not received any response or apology. He said he has lost some of his clients who were unhappy with the security breach and has decided to stop using PhotoReflect altogether.