
Personal details of 12,000 social media ‘stars’ leaked in avoidable breach

06 Feb 2018

The UpGuard Cyber Risk Team recently revealed a significant security breach that took place in January this year.

Octoly, a Paris-based brand marketing company, inadvertently leaked the personal details of 12,000 social media ‘stars’ via an unsecured AWS S3 bucket.

A cloud repository belonging to Octoly was left exposed, revealing a backup of their enterprise IT operations and sensitive information on the firm’s registered online personalities.

Octoly places products made by its brand customers into the hands of its registered social media personalities, with the ultimate goal being to increase the number of reviews from vloggers, Instagram stars, and Twitter users trusted by young consumers.

While the company asserts that no money changes hands between the firm, the brands, and these ‘creators’ for such reviews, the creators are able to take their pick from a free selection of merchandise offered by Octoly and their brand partners.

Given Octoly needs to be able to send free products to these influential creators - and, for analytical purposes, track the reach and success of such product placements - the company registers these creators within their IT systems, gathering a great deal of personal details, including the creators’ contact information.

Such personal information for over twelve thousand people was exposed in the bucket. A table titled “Creators” contains such details as the real names, home addresses, birth dates, and phone numbers of these individuals, many of them known only by their first names or pseudonymously online.

Perhaps the most jarring fact of the situation is that, according to UpGuard, Octoly was informed of the exposed cloud repository on January 4th, yet the personally identifiable information was not secured until February 1st.

Bitglass CTO Anurag Kahol says the recent Octoly data breach once again demonstrates the importance of proper configuration and security for cloud services.

“While the growing popularity of public cloud applications has made businesses more flexible and efficient, it has also raised awareness about previously unseen security vulnerabilities. This is because many of the most popular cloud applications provide little visibility or control over how sensitive data is handled once it is uploaded to the cloud,” says Kahol.

“In essence, users are expected to blindly trust that their data is secure. As public cloud adoption rises, organisations must ensure all systems are properly configured and secured – customer privacy and trust depend on it.”
