- Lifeprint app leak uncovered 2 million non-public footage and consumer data
- Misconfigured garage additionally published firmware keys growing possibility of malicious printer hijacks
- Users face threats of blackmail, id robbery and harassment from uncovered information
A significant privateness incident has uncovered tens of millions of personal footage from Lifeprint, a conveyable photograph printer device.
The leak, exposed by way of researchers at Cybernews, published over 8 million recordsdata, together with 2 million distinctive footage, that had been obtainable with out authentication.
Lifeprint is produced by way of C+A Global, a New Jersey corporate based in 2003, permitting customers to ship pictures and GIFs at once from a smartphone to a attached tool, and even to a chum’s printer thru an app for iOS and Android, and the Android model of the app has been downloaded greater than 100,000 instances on Google Play.
More than 1.6 million photos printed
According to the researchers, the leak was caused by a misconfigured storage bucket that left sensitive files exposed to anyone online.
The exposed data included usernames, email addresses and print statistics for over 100,000 users.
Metadata indicated that the community has printed more than 1.6 million photos.
The security issues went far beyond leaked images unfortunately, as multiple versions of Lifeprint’s firmware were also left in the same public bucket and buried in those files was a private encryption key in plain text, used to sign firmware updates.
With this key, attackers could potentially create malicious firmware and distribute it as a legitimate update.
That scenario, if it came to pass, could allow hackers to hijack printers, run their own code, or even fold the devices into botnets.
“This is a textbook example of what not to do with IoT infrastructure,” a Cybernews researcher said.
“This leak shows multiple deviations from best practices, such as not properly segregating user data, publishing cryptographic keys together with the firmware, not employing proper access controls to ensure that only the intended users would be able to access their files and data.”
For Lifeprint users, the consequences could be devastating, as personal details combined with photos create risks of identity theft, harassment and doxxing.
Intimate images could be particularly damaging, with the risk of blackmail and extortion, or long-lasting public embarrassment if they were to appear online.
Cybernews reached out to Lifeprint’s parent company about the findings, but says it has yet to receive a reply. The leak was first detected in late July 2025, and as of now, no official statement has been issued.
You might also like
Source: www.techradar.com
