Snooping for the Good Guys: Photobucket Safety Series Part 1

Recently I got my hands dirty and decided to see what the enemy was up to. My ongoing study will be laid out in a three part series. Each part will delve into one of three easy-to-do methods to access the pictures in a private Photobucket account (herein “Bucket“). Believe it or not, there is an entire community of people who do this in their spare time. Bucket Crackers, as they like to call themselves, take requests for pictures in a private Bucket and provide them either for free or for a price. From my experience in this community, a vast majority of people seeking the pictures in a private bucket, not surprisingly, are boys and men looking to find revealing pictures of a crush or the like. I expected this. However, what shocked me was the amount of employers here that get the Bucket accounts from a Myspace search of a perspective employee’s name. If you have a public Myspace and use the Photobucket hot linking ability to post pictures on your Myspace page, your Bucket account name is now available. With just your username, an employer can see what kind of a person he or she is hiring by the contents of your Bucket. Scary stuff, huh?
After witnessing the speed of these Bucket Crackers, some taking less than an hour to provide up to a thousand pictures, I had to find out how this was being done. Parts 2-4 will go into detail on the 3 exploits these Bucket Crackers use. Part 2 will be password cracking, part 3 will delve into “fuskering,” and part 4 will describe the “un-TOSing” of pictures.