12/08/2023

Lightshot Fuskering

This article was inspired by my experiences endlessly exploring random lightshot screenshots in early 2021 and also serves as a report to the fuskering phenomenon of Lightshot’s images

What are you talking about?

Lightshot is an extremely useful tool to save and share screenshots quickly, however there is a feature that allows users to upload their screenshots instantly to the cloud, generating a new public image link every time. These image links used to be simple sequential base36 numbers, allowing anyone to access all screenshots ever posted to the servers. Unfortunately for us some time after 2022 it seems to have changed to base64URL links with no obvious sequential pattern. This renders all currently available random screenshot tools incapable of showing anything after this cut off date, and you can probably see why that was done.

What can be accessed

Skimming around for a few hours as I have done back during the COVID-19 quarantine, the most interesting stuff you will stumble upon are quite a few personal or generally sensitive images that the uploaders probably didn’t realise they were releasing publicly, as there are numerous personal conversations, NSFW images and even supposedly classified documents. Using the currently available tools will show you outdated pictures (Random Screenshot in particular shows screenshots all the way back from 2015-2016). If you want pictures closer to the cut off date, you must use a recent image as a seed go up incrementally from there. For example, here’s a cute murlock from April 2021.

I don’t think this information was meant to be publicly visible:

And certainly not this:

Recurring Scam Images

After skimming a few hundred screenshots, you will notice the same recurring fake password recovery emails or conversations with friends that seemingly show username and password combos for cryptocurrency exchanges, bank accounts or personal user accounts. These are quite simple to identify given that they use the same basic template with a tiny variance on image cropping here or there. It is interesting to note that due to the lesser known nature of lightshot screenshot skimming, these scams target individuals that may mistakenly see themselves as more tech savvy and that they have discovered a legitimate leak (provided they don’t realize the almost exact same screenshot has been uploaded to the site 5 minutes later)

One of these automatically generated ’leak’ emails: