Posted on February 7, 2018 at 4:28 PM
A Parisian marketing agency just suffered a massive data breach which compromised the personal information of over 12,000 social media influencers.
Cybersecurity researchers from the security firm UpGuard recently found that social media influencers from platforms such as Twitch, YouTube, and Instagram were affected by a data breach that compromised their personal information. Over 12,000 social media influencers were affected by the breach, which was caused by a major marketing company, Octoly, using an inadequately secured Amazon server. Octoly is a major French marketing company that sends thousands of social media influencers products and merchandise from major labels for endorsement and review.
Octoly has been known to represent labels from several industries, including Blizzard Entertainment, Ubisoft, Lancôme, Estee Lauder, Sephora, and Dior.
Chris Vickery, who serves as UpGuard’s director, discovered the data breach at the start of January 2018. According to Vickery, the compromised files were stored in a misconfigured, publicly accessible S3 cloud storage bucket from Amazon Web Services (AWS).
Compromised information included highly sensitive data such as addresses, real names, email addresses, PayPal addresses, and dates of birth. The exposure is even more serious considering that several of the affected individuals actively chose to remain as anonymous as possible on their platforms.
The information also included encrypted usernames and passwords, which could be easily decrypted by a dedicated hacker with an average skill level. According to an UpGuard blog post, the majority of affected influencers were female, in their 20s, and located in various European countries as well as the US.
The published blog post emphasizes that this data breach has compromised the physical safety and security of all impacted influencers and has left them open to harassment both online and possibly in real life. The blog post also noted that gaming influencers were at risk of possibly dangerous attacks from malicious individuals.
The top influencer in that find has over 6 million followers. It also included hashed passwords for all 12k+ accounts. How many of those internet celebs do you think re-use passwords? I'm thinking a decent percent probably do.
— Chris Vickery (@VickerySec) February 5, 2018
In addition to the exposed personal information, the leaked details also included extensive analytical market research and data covering over 600 brands and products that have employed Octoly. This includes over 12,000 separate in-depth reports on the performance and details of each influencer.
The leaked reports are incredibly detailed and provide a comprehensive look at every influencer’s target audience, such as age group, interests, physical locations, and brand preferences.
The information is dangerous not only because it can be accessed by malicious individuals; it can also undermine Octoly’s hard work, since rival marketing firms can access it as well, which places Octoly in a uniquely vulnerable position. The leaked reports constitute a danger for both Octoly and the hundreds of brands that it represents.
What’s perhaps more alarming is Octoly’s failure to respond effectively to the urgent threat. While UpGuard immediately informed the firm, Octoly failed to respond for weeks despite several notifications from UpGuard. UpGuard researchers noted that the reports were publicly accessible until February 1st, when the firm finally managed to remove them.
The firm has acknowledged the data breach but stated that they have no reason to believe that the data was accessed or exploited by any malicious actors.
An Octoly spokesperson stated that the company is working to review its security measures in an attempt to protect the company and the brands and influencers that it represents from similar attacks in the future.