Story image

Personal details of 12,000 social media ‘stars’ leaked in avoidable breach

06 Feb 2018

The UpGuard Cyber Risk Team recently revealed a significant security breach that took place in January this year.

Octoly, a Paris-based brand marketing company inadvertently leaked the personal details of 12,000 social media ‘stars’ via an unsecure AWS S3 bucket.

A cloud repository belonging to Octoly was left exposed, revealing a backup of their enterprise IT operations and sensitive operation of the firm’s registered online personalities.

Octoly places products made by its brand customers into the hands of its registered social media personalities, with the ultimate goal being to increase number of reviews from vloggers, Instagram stars, and Twitter users trusted by young consumers.

While the company asserts that no money changes hands between the firm, the brands, and these ‘creators’ for such reviews, the creators are able to take their pick from a free selection of merchandise offered by Octoly and their brand partners.

Given Octoly needs to be able to send free products to these influential creators - and, for analytical purposes, track the reach and success of such product placements - the company registers these creators within their IT systems, gathering a great deal of personal details, including the creators’ contact information.

Such personal information for over twelve thousand people was exposed in the bucket. A table titled “Creators” contains such details as the real names, home addresses, birth dates, and phone numbers of these individuals, many of them known only by their first names or pseudonymously online.

Perhaps the most jarring fact from the situation is that according to UpGuard, Octoly was informed of the exposed cloud repository on January 4th, yet the personally identifiable information was not secured until February 1st.

Bitglass CTO Anurag Kahol says the recent Octoly data breach once again demonstrates the importance of proper configuration and security for cloud services.

“While the growing popularity of public cloud applications has made businesses more flexible and efficient, it has also raised awareness about previously unseen security vulnerabilities. This is because many of the most popular cloud applications provide little visibility or control over how sensitive data is handled once it is uploaded to the cloud,” says Kahol.

“In essence, users are expected to blindly trust that their data is secure. As public cloud adoption rises, organisations must ensure all systems are properly configured and secured – customer privacy and trust depend on it."

Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.