I thought the worst with the Popsugar's Twinning tool was that it matched me with James Corden.
It turned out that hundreds of thousands of selfies uploaded to the tool, were easily downloadable by anyone who knew where to look.  The popular image matching tool is quite simple. "It analyzes a self-image or uploaded image, compares it to a massive database of celebrity photos to find matches, and finally gives you a" friendship share "for your five best looks," according to Popsugar, who developed the tool. Then you share the matched photos on Facebook and Twitter so everyone knows you're not looking like one of the many Kardashians.
All the uploaded images are stored in a storage bucket hosted on Amazon Web Services. We know because the bucket URL is in the code on the Twinning tool's website. Open it in your browser and we saw a real-time stream of uploaded images.
We confirmed the findings by uploading a dummy image of a particular file size at a specific time. Then we scraped a list of file names that were uploaded during that period from the bucket's URL, downloaded them and found our uploaded image by searching for that image of a particular file size. (We didn't download more than needed to preserve people's privacy.)
TechCrunch reached out to Popsugar's president Lisa Sugar and engineering vice president Mike Patnode, but didn't return. The bucket was locked shortly after.
As data leaks go, this is definitely on the low end. You can't worry that their selfies were exposed and easily downloadable. (Many pictures already leaked out of Google's search results ̵
But like any free app, quiz or any viral web tool, it's worth remembering that you still put your information out there – and you can't always get it back. Worse, you almost never know how secure your data will be or how it can end up being used – and abused – in the future.
This is Captain Buzzkill, signing off.