Using an unsecured Amazon server resulted in the data breach at Octoly marketing firm
According to the breach analysis blog UpGuard, more than 12 thousand social media stars were exposed in a data leak at the marketing firm Octoly, a consequence of an unsecured Amazon server. The Paris-based marketing agency aimed to connect influencers with top brands across the world by supplying beauty products in exchange for reviews on YouTube, Twitter, and Instagram.
Cybersecurity analysts claim that the breach at Octoly revealed not only the real names of the influencers, who usually use nicknames online for security reasons, but also their home addresses, phone numbers, shipping addresses, emails, birth dates and other sensitive data. This data leak can result in serious privacy-related issues.
Additionally, hackers could have had access to authentication tokens which could be used to hijack the influencers' accounts. Even though the tokens are encrypted, it may be possible to decrypt and reuse them to steal other accounts with the same nickname on other social media platforms.
The data leak contained private information of more than 600 well-known brands as well
Cybersecurity researchers also report the exposure of brands' analytical information, which includes the names of more than 600 brands patronizing Octoly's services. Beauty giants like Estée Lauder, Dior, L’Oreal, Lancôme, Birchbox, Pierre Fabre and Beauty Solutions, Ltd. are concerned about their security.
In addition to these personal details, the bucket also contains a large amount of brand and analytical information, the disclosure of which could be damaging to Octoly’s business operations.
Also, the data leak contains hyperlinks to reports filed by a data analytics firm, Deep Social, which provide deep insight into the influence a social media star has online. The analysis contains private information about the Octoly users' followers: their ages, locations, and interests, as well as their brand preferences.
Octoly's response to the data breach raises concerns about whether this marketing firm can be trusted
While the researchers at UpGuard discovered the data leak at the beginning of January, the Paris-based marketing agency was noticeably slow to respond. This raises concerns about whether Octoly truly understands the significance of this data breach and will take appropriate actions in the future to recover its reputation.
UpGuard notified the company via email on the 4th of January and followed up with a direct message on Twitter the next day. Unfortunately, the cybersecurity experts not only received no response but were also ignored when calling twice during the seven-day period.
This exposure reveals highly sensitive personal information about over twelve thousand individual men and women who, by merit of their prominence on the internet, are particularly vulnerable to the possibilities of harassment, abuse, and even the violence of ‘swatting.’
As a result, for almost a week anyone could have accessed the private details of the social media stars, without a password, on the unsecured Amazon Web Services S3 cloud storage servers.