
Photobooth Supply Co. is reinventing the idea of photobooths with open spaces, marketing tools, and elegant aesthetics that allow you to thrive. You might be a business looking to expand your marketing through data collection and social outreach. You might be an individual looking for a chance to establish a brand and chase the American dream of entrepreneurship. Photobooth Supply Co. can help you do it all with hardware and solutions.

The iconic Salsa photobooth brings a suite of tools for existing businesses. If you’re looking to expand your marketing efforts, you’ll be able to deploy a booth at a trade show and gather the email addresses of hundreds of smiling guests. Rather than being stuck with a business email or attempting to cold email a list, you can deliver a personalized message into the inbox of every passerby. If you’ve got a retail location, you can design a permanently installed booth with easy follow-up emails that suggest a visit to clients, survey capture, real-time brand engagement and more. Salsa provides brand engagement and social content at the highest level.

Salsa is a perfect fit for someone beginning their journey of business ownership. Unlike a franchise, you don’t owe Photobooth Supply Co. any of your profits or success. This means that when you’re advertising any of the Salsa-exclusive features, such as instant uploads to an online live gallery, you’re keeping the money that each booking generates.

Photobooth Supply Co A.I CyberSecurity Scoring

PSC

Company Details

LinkedIn ID: photoboothsupplyco

Number of employees: 57

Number of followers: 5,874

NAICS: 54192

Industry Type: Photography

Homepage: photoboothsupplyco.com

IP Addresses: Scan still pending

Company ID: PHO_9305855

Scan Status: In-progress

PSC Risk Score (AI oriented): Between 650 and 699

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums

Photobooth Supply Co

Current Score: 672, B (Weak)
Scale: 0 to 1000
1 incident
-78.0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

DECEMBER 2025
750
Breach
12 Dec 2025 • Photobooth Supply Co: Photo Booth Website Bug Exposed Thousands of Users’ Photos
Photo Booth Maker's Website Exposes Thousands of Images and Videos Due to Insecure Access Control

**Photo Booth Vendor’s Security Flaw Exposed Thousands of Private Images and Videos**

A security researcher, known as Zeacer, uncovered a critical vulnerability in a photo booth vendor’s website that left thousands of images and videos—including intimate moments and drunken party snapshots—publicly accessible without authentication. The flaw stemmed from insecure direct object references, where media files were served via predictable URLs, allowing attackers to enumerate and download entire galleries using simple scripts.

The company had recently reduced file retention from two to three weeks to just 24 hours, limiting the volume of exposed content at any given time. However, this change did not prevent attackers from scraping daily uploads. At one point, over 1,000 images from a Melbourne-based photo booth service were visible, highlighting the scale of the risk.

The incident underscores the dangers of broken access control, ranked by OWASP as the top web application security risk. Event photo booths often capture highly personal moments—weddings, corporate events, and private gatherings—where sensitive details like home addresses, children’s faces, or organizational affiliations may be inadvertently exposed. Even with short retention periods, scraped data remains permanently accessible to attackers.

The financial and reputational consequences of such breaches can be severe. IBM’s *Cost of a Data Breach Report* estimates global breach costs in the multi-millions, while consumer-facing brands built on "shareable moments" face lasting reputational harm. The flaw likely resulted from common shortcuts in event-tech development, such as public object storage, client-side-only checks, and predictable URL patterns—issues that could have been mitigated with server-side protections like signed URLs, randomized IDs, and rate limiting.

Regulatory risks also loom large. Under Australia’s privacy laws, businesses must proactively secure data and disclose breaches, while GDPR in the EU and UK imposes fines of up to 4% of global turnover for serious violations. The vendor’s role—as either a data processor or controller—determines specific compliance obligations, but minimizing retention and enforcing strict access controls are baseline requirements.

Customers who used affected photo booths in the past month should assume potential exposure and request gallery deletions from vendors. Event organizers are advised to demand transparency from suppliers, including details on file retention, link security, and third-party audits like SOC 2 or ISO 27001. Contracts should explicitly address data processing terms and breach notification responsibilities.

The incident reflects a broader trend in event tech, where rapid growth often outpaces security hardening. As web app vulnerabilities remain a leading cause of data breaches, basic safeguards—such as private-by-default storage and continuous logging—can prevent such exposures without requiring complex solutions. While the vendor’s retention reduction limits immediate risk, it does not replace proper authentication and authorization, leaving galleries vulnerable to persistent scraping.

672
critical -78
PHO1765565027
Data Exposure
Insecure Direct Object Reference (IDOR)
Broken Access Control (OWASP Top 10)
Data Compromised: Thousands of images and videos, including personal and sensitive moments
Systems Affected: Photo booth website media storage and serving endpoint
Brand Reputation Impact: Significant reputational damage, especially for a consumer-facing brand predicated on 'shareable moments'
Legal Liabilities: Potential regulatory fines under GDPR, Australian Privacy Act, and other privacy laws
Identity Theft Risk: Exposure of personally identifiable information (e.g., home addresses, affiliations)
Containment Measures: Reduced file retention period from 2-3 weeks to ~24 hours
Images, Videos
Number Of Records Exposed: Over 1,000 images at one stage (prior to retention change)
Sensitivity Of Data: High (personal moments, identifiable individuals, potential PII)
Data Exfiltration: Possible via scraping scripts
Images, Videos
Personally Identifiable Information: Yes (e.g., home addresses, affiliations, children)
GDPR; Australian Privacy Act; potential other regional privacy laws
Broken access control and insecure direct object references are critical vulnerabilities that can lead to large-scale data exposure. Security measures like private-by-default storage, time-limited links, randomized IDs, and server-side permission gates are essential to prevent such incidents.
  • Implement private-by-default storage for media files.
  • Use time-limited and audience-restricted links with signed URLs or rotating tokens.
  • Adopt randomized, unguessable IDs for media files.
  • Enforce rate limiting to prevent unusual download bursts.
  • Conduct regular penetration testing and security reviews.
  • Minimize data retention periods.
  • Ensure compliance with privacy regulations (e.g., GDPR, Australian Privacy Act).
  • Educate customers and event hosts on secure usage practices.

  • Set galleries to private if possible.
  • Turn off public sharing options.
  • Request permanent deletion of galleries through vendor support.
  • Avoid uploading sensitive information (e.g., IDs, addresses) to event galleries.

  • Predictable media URLs enabling enumeration.
  • Lack of server-side authentication and authorization.
  • Insecure direct object reference (IDOR) vulnerability.
  • Over-reliance on client-side checks for access control.

  • Implement server-side permission gates (e.g., signed URLs, rotating tokens).
  • Adopt randomized, unguessable IDs for media files.
  • Enforce private-by-default storage.
  • Conduct security pre-production reviews and regular penetration testing.
NOVEMBER 2025
750
OCTOBER 2025
750
SEPTEMBER 2025
750
AUGUST 2025
750
JULY 2025
750
JUNE 2025
750
MAY 2025
750
APRIL 2025
750
MARCH 2025
750
FEBRUARY 2025
750
JANUARY 2025
750

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Photobooth Supply Co is 672, which corresponds to a Weak rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 750.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 750.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 750.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 750.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 750.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 750.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 750.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 750.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 750.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 750.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2025 was 750.

Over the past 12 months, the average per-incident point impact on Photobooth Supply Co’s A.I Rankiteo Cyber Score has been -78.0 points.

You can access Photobooth Supply Co’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/photoboothsupplyco.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Photobooth Supply Co’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/photoboothsupplyco.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.