vpnMentor reports that its research team discovered that Theta360’s photo-sharing platform has suffered a pretty major data breach. The leak, they say, has exposed at least 11 million public and private photographs on the system.

They say that while most personal information was not released, usernames, first and last names along with the captions were exposed in the database alongside the images. Images that many users had chosen to keep private.

The data breach exposed thousands of users’ photos, many of whom chose to keep their images private. The breach did not expose users’ most personal information, but in many cases, we located their usernames, first and last names, and the captions they wrote in the exposed database. We couldn’t directly access users’ social media accounts through Theta360’s system. – vpnMentor

On spotting the issue, vpnMentor says that things were resolved very quickly. They discovered the leak on May 14th, reported it to Theta360 on the 15th, and the leak was closed on the 16th. The Theta360 photo-sharing platform is run by Ricoh, the company that makes the Theta line of 360° cameras, as well as Pentax cameras.

Despite the hole being closed quickly after discovery, who knows how long the flaw existed before it was spotted? As vpnMentor points out, there are far-reaching privacy issues with a breach like this. Many people choose to keep certain images of children and family private. Many of them may be GPS tagged. Then there are those photos that people might only shoot for the person they’re… “involved with”. Yeah, nobody wants those getting out there, or to be blackmailed to prevent it from happening. And then there’s all the usual identity theft stuff that privacy advocates warn about every time there’s a big data breach.

The Theta360 platform is now patched and the hole is filled, so your data is safe…ish. That is to say that people can’t get into it when they’re not supposed to anymore. But there’s no telling whether your private images were accessed while the system was still vulnerable.

You can read more about it on vpnMentor and get some insight into exactly how it worked. But just remember one thing, folks: there’s no such thing as private on the Internet. If it’s out there, then somebody can get to it. So, if you have something that really is private, don’t store it online. No matter how safe you think it is.

[via vpnMentor]