- LifePrint app leak exposed 2 million private photos and user information
- Misconfigured storage also revealed firmware keys, creating the risk of malicious printer hijacking
- Users face threats of extortion, identity theft and harassment from the exposed data
A major privacy incident has exposed millions of private photos from LifePrint, a portable photo printer system.
The leak, uncovered by researchers at Cybernews, revealed over 8 million files, including 2 million unique photos accessible without authorization.
LifePrint is produced by C+A Global, a New Jersey company founded in 2003. It lets users send images and GIFs directly from a smartphone to a connected device, or even to a friend’s printer, through an app for iOS and Android. The Android version of the app has been downloaded more than 100,000 times on Google Play.
More than 1.6 million photos printed
According to the researchers, the leak was caused by an incorrectly configured storage bucket that left sensitive files exposed to anyone online.
The exposed data included usernames, e-mail addresses and printing statistics for over 100,000 users.
Metadata indicated that more than 1.6 million photos have been printed.
Unfortunately, the security concerns went far beyond leaked images: several versions of LifePrint’s firmware were also left in the same public bucket, and buried in these files was a private encryption key, stored in plain text, that is used to sign firmware updates.
With this key, attackers could potentially create malicious firmware and distribute it as a legitimate update.
If that happened, it could allow hackers to hijack printers, run their own code or even enlist the devices in botnets.
“This is a textbook example of what not to do with IoT infrastructure,” a Cybernews researcher said.
“This leak shows multiple deviations from best practices, such as not properly separating user data, publishing cryptographic keys with the firmware, and not using correct access control to ensure that only the intended users would be able to access their files and data.”
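A release check that would catch the firmware mistake described above, a plain-text signing key shipped inside published firmware files, is sketched here as an added example; it is not code from LifePrint or Cybernews. The function names, file names and the sample image are hypothetical, and the embedded "key" is a constructed placeholder.

```python
import base64
import io
import re
import zipfile

# PEM armor for private keys: PKCS#8 (plain or encrypted), RSA, EC, DSA, OpenSSH.
PEM_PRIVATE = re.compile(
    rb"-----BEGIN ((?:ENCRYPTED |RSA |EC |DSA |OPENSSH )?PRIVATE KEY)-----"
    rb"(.*?)-----END \1-----",
    re.DOTALL,
)

def find_private_keys(blob, name="<blob>"):
    """Return (name, offset, label, encrypted) for each PEM private key in blob."""
    hits = []
    for m in PEM_PRIVATE.finditer(blob):
        label, body = m.group(1).decode(), m.group(2)
        # Legacy encrypted PEM keeps the plain label and adds a Proc-Type header.
        encrypted = label.startswith("ENCRYPTED") or b"Proc-Type: 4,ENCRYPTED" in body
        # Drop header lines, then require valid base64 so that a bare marker
        # string (for example in help text) is not reported as a key.
        payload = b"".join(ln.strip() for ln in body.splitlines() if b":" not in ln)
        try:
            if payload and base64.b64decode(payload, validate=True):
                hits.append((name, m.start(), label, encrypted))
        except ValueError:
            pass
    return hits

def scan_release(name, data):
    """Scan one release file; if it is a zip archive, scan every member as well."""
    hits = find_private_keys(data, name)
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                hits += scan_release(f"{name}!{member}", zf.read(member))
    return hits

# Constructed sample: a fake firmware image with a placeholder (not real) key.
FAKE_KEY = (b"-----BEGIN PRIVATE KEY-----\n"
            + base64.encodebytes(b"constructed placeholder, not a key " * 3)
            + b"-----END PRIVATE KEY-----\n")
FAKE_IMAGE = b"\x7fFWIMG" + bytes(64) + FAKE_KEY + bytes(32)

if __name__ == "__main__":
    for hit in scan_release("printer_fw.bin", FAKE_IMAGE):
        print("unencrypted" if not hit[3] else "encrypted", "key:", hit)
```

Any hit should block publication of the file; an unencrypted hit on a signing key also means the key has to be treated as compromised and rotated.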
For LifePrint users, the consequences could be devastating, as personal details combined with photos create risks of identity theft, harassment and doxxing.
Intimate images could be particularly harmful, carrying the risk of extortion or prolonged public embarrassment if they were to appear online.
Cybernews reached out to LifePrint’s parent company about the findings, but says it has not yet received an answer. The leak was only discovered at the end of July 2025, and so far no official statement has been issued.



