Story image

Personal details of 12,000 social media ‘stars’ leaked in avoidable breach

06 Feb 2018

The UpGuard Cyber Risk Team recently revealed a significant security breach that took place in January this year.

Octoly, a Paris-based brand marketing company inadvertently leaked the personal details of 12,000 social media ‘stars’ via an unsecure AWS S3 bucket.

A cloud repository belonging to Octoly was left exposed, revealing a backup of their enterprise IT operations and sensitive operation of the firm’s registered online personalities.

Octoly places products made by its brand customers into the hands of its registered social media personalities, with the ultimate goal being to increase number of reviews from vloggers, Instagram stars, and Twitter users trusted by young consumers.

While the company asserts that no money changes hands between the firm, the brands, and these ‘creators’ for such reviews, the creators are able to take their pick from a free selection of merchandise offered by Octoly and their brand partners.

Given Octoly needs to be able to send free products to these influential creators - and, for analytical purposes, track the reach and success of such product placements - the company registers these creators within their IT systems, gathering a great deal of personal details, including the creators’ contact information.

Such personal information for over twelve thousand people was exposed in the bucket. A table titled “Creators” contains such details as the real names, home addresses, birth dates, and phone numbers of these individuals, many of them known only by their first names or pseudonymously online.

Perhaps the most jarring fact from the situation is that according to UpGuard, Octoly was informed of the exposed cloud repository on January 4th, yet the personally identifiable information was not secured until February 1st.

Bitglass CTO Anurag Kahol says the recent Octoly data breach once again demonstrates the importance of proper configuration and security for cloud services.

“While the growing popularity of public cloud applications has made businesses more flexible and efficient, it has also raised awareness about previously unseen security vulnerabilities. This is because many of the most popular cloud applications provide little visibility or control over how sensitive data is handled once it is uploaded to the cloud,” says Kahol.

“In essence, users are expected to blindly trust that their data is secure. As public cloud adoption rises, organisations must ensure all systems are properly configured and secured – customer privacy and trust depend on it."

Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
Facebook fights fake news ahead of Africa elections
“We also show related articles from fact-checkers for more context and notify users if a story they have shared is rated as false.”
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.