Curator Live

Curator Live operates as a provider of wedding and event photo booth services, offering on‑site picture capture for celebrations and gatherings. The company is headquartered in the United States of America and also does business under the alias Curator Live. Its core product consists of portable booths that guests can use to take still images or short video clips during functions such as receptions, parties, and corporate events. By integrating instant sharing capabilities, the service allows participants to receive a link to their photos via SMS or email after submitting a phone number at the booth. This model positions Curator Live within the niche market of experiential photography that focuses on social events rather than traditional studio portraiture. The firm’s operational footprint is limited to the information disclosed in public sources, which does not include detailed figures on the number of units deployed or geographic coverage beyond its U.S. headquarters. As a service‑oriented business, its primary interaction with clients occurs through event planners, venues, or directly with hosts who book the booth for a specific occasion. The company’s branding emphasizes convenience and immediacy, aiming to deliver tangible memories shortly after they are captured.

Curator Live distinguishes itself by linking each photo session to a submitter’s phone number, a feature that was central to the security incident disclosed in November 2025. A security researcher reported that after submitting his own number at a booth, he received a link that exposed a large cache of images and associated contact information through the company’s API. The exposed dataset amounted to at least 100 gigabytes of photographs, depicting guests at various events, some showing individuals consuming alcohol and occasionally accompanied by children. Among the collection were pictures from a NASA‑branded gathering, illustrating the variety of functions that utilize Curator Live’s booths. The researcher’s attempts to notify the company about the exposure went unanswered, leaving the data publicly accessible for an unspecified period. This lapse allowed anyone with the link to download the images and correlate them with the phone numbers provided at the booth, creating a privacy risk for the individuals depicted. The incident highlights the company’s reliance on an API‑mediated sharing mechanism that, in this case, lacked adequate access controls or authentication safeguards. Consequently, the event underscores the importance of securing personal data linked to multimedia content in event‑based photography services.