LightShot allows people to view screenshots of other users

LightShot, a tool for creating screenshots famous for the possibility to share your images with a link, has appeared to be weak in terms of the simple URL changes. As reported by Alexander Weinrauch, who discovered a problem: “One can see other clients’ images by just changing one letter in the URL address.”

Outsiders can see everything you share

A testing screenshot was created to check the fragility https://prnt.sc/1reembt. If a user changes the last letter “t” in the URL address to the letter “b” and follows a new URL https://prnt.sc/1reembb, they will possibly see a completely different image uploaded by some other user.

AIN.UA has run its tests, and it turned out that one can change one or a few signs, and there is a high chance to see others’ pictures that may show you anything, ranging from crypto wallets data and personal messages to some common images. 

Scammers are already taking advantage of this vulnerability

Someone has already created thousands of faked screenshots with logins and passwords for crypto-wallets. The point of the scam is to make a user who was randomly changing URL links use login and password and try to withdraw cryptocurrency from it.

Alternatives to LightShot

Besides the obvious need to stop sending important information with LightShot’s built-in tools, you can switch to other services that offer the same features but use longer and more complex URLs.

The best alternatives are Monosnap and PicPick. They have even more features than LightShot. Along with taking screenshots of the entire screen, the active window, and a scrolling window, they also have an advanced image editor and conditionally secure image sharing.