https://www.vice.com/en_us/article/akwj5z/cameo-app-exposed-private-videos-user-data-passwords

Cameo, the increasingly popular app for paying celebrities to record short personal videos, exposed a wealth of user data including email addresses, hashed and salted passwords and phone numbers, and messages via a misconfiguration in its app. The site also has an issue where videos that are supposed to be private are actually available for anyone to find and download. Using the design flaw, Motherboard wrote basic code to build lists of ostensibly private videos filmed for users by celebrities such as Snoop Dogg, Ice T, and Michael Rapaport.

"I got some of the backed up user database," the researcher who flagged multiple security and privacy issues with the app said. Motherboard granted the researcher anonymity to speak more candidly about a sensitive security incident.