Sunday, February 16, 2025
HomeData Breach12,000 Social Media Famous Influencers Personal Data Leaked Online

12,000 Social Media Famous Influencers Personal Data Leaked Online

Published on

SIEM as a Service

Follow Us on Google News

Another data leak due to misconfiguration in octoly owned Amazon Web Services S3 cloud storage bucket. Around 12,000 Social Media Influencers accounts that belongs to Instagram, Twitter, and YouTube personalities Sensitive personal data leaked online from octoly’s Amazon Web Services S3 bucket.

Octoly is an influencers marketplace where brands and creators collaborate to make branded video content and reviews.

Due to Misconfiguration in octoly owned Amazon Web Services S3 bucket repository, they left an Exposed backup of their enterprise IT operations and sensitive information.

Revealed information about 12,000 personalities most sensitive information which was registered by thousands of firm.

Exposed details contains influencers real names, addresses, phone numbers, email addresses which including those specified for use with PayPal – and birth dates for these creators.

Also Read Hacking Group Spies on and Steal Data from Android Users Posing Actress Nude Photos

Also, octoly revealed hashed passwords that can be decrypted and use it for password reuse attack against various online accounts belonging to creators.

How does this Data Leak Occured

On January 4th, 2018, octoly subdomain based Amazon Web Services S3 cloud storage bucket has been discovered by UpGuard Director of Cyber Risk Research Chris Vickery.

The discovered file belongs to octoly  internal files that related to critical operations including a backup of Octoly’s operational database, “octoly_production.sql.”

The database contains a detailed information that about inner workings of Octoly’s Europe and North America based digital brand marketing operations.

According to UpGuard  The exposed data reveals details about three categories of affected entities and individuals. The first, “users,” refers to Octoly employees.
The second, “clients,” is comprised of enterprises that employ Octoly as a partner, typically for the purpose of connecting these brands to the twelve thousand exposed members of the third category, “creators.”

Also, Beyond the potential damage to Octoly’s business reputation through the leak of privileged internal data, the exposure of information involving the firm’s enterprise customers illustrates how one breach can implicate many more entities.UpGuard said.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Fake BSOD Attack Launched via Malicious Python Script

A peculiar malicious Python script has surfaced, employing an unusual and amusing anti-analysis trick...

SocGholish Malware Dropped from Hacked Web Pages using Weaponized ZIP Files

A recent wave of cyberattacks leveraging the SocGholish malware framework has been observed using...

Lazarus Group Targets Developers Worldwide with New Malware Tactic

North Korea's Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign...

North Korean IT Workers Penetrate Global Firms to Install System Backdoors

In a concerning escalation of cyber threats, North Korean IT operatives have infiltrated global...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Global IoT Data Leak Exposes 2.7 Billion Records and Wi-Fi Passwords Worldwide

A massive security lapse has exposed over 2.7 billion records, including sensitive Wi-Fi credentials,...

OpenAI Data Breach – Threat Actor Allegedly Claims 20 Million Logins for Sale

Threat actors from dark web forums claim to have stolen and leaked 20 million...

Globe Life Ransomware Attack Exposes Personal and Health Data of 850,000+ Users

Globe Life Inc., a prominent insurance provider, has confirmed a major data breach that...