sb-au logo
Story image

Personal details of 12,000 social media ‘stars’ leaked in avoidable breach

06 Feb 2018

The UpGuard Cyber Risk Team recently revealed a significant security breach that took place in January this year.

Octoly, a Paris-based brand marketing company inadvertently leaked the personal details of 12,000 social media ‘stars’ via an unsecure AWS S3 bucket.

A cloud repository belonging to Octoly was left exposed, revealing a backup of their enterprise IT operations and sensitive operation of the firm’s registered online personalities.

Octoly places products made by its brand customers into the hands of its registered social media personalities, with the ultimate goal being to increase number of reviews from vloggers, Instagram stars, and Twitter users trusted by young consumers.

While the company asserts that no money changes hands between the firm, the brands, and these ‘creators’ for such reviews, the creators are able to take their pick from a free selection of merchandise offered by Octoly and their brand partners.

Given Octoly needs to be able to send free products to these influential creators - and, for analytical purposes, track the reach and success of such product placements - the company registers these creators within their IT systems, gathering a great deal of personal details, including the creators’ contact information.

Such personal information for over twelve thousand people was exposed in the bucket. A table titled “Creators” contains such details as the real names, home addresses, birth dates, and phone numbers of these individuals, many of them known only by their first names or pseudonymously online.

Perhaps the most jarring fact from the situation is that according to UpGuard, Octoly was informed of the exposed cloud repository on January 4th, yet the personally identifiable information was not secured until February 1st.

Bitglass CTO Anurag Kahol says the recent Octoly data breach once again demonstrates the importance of proper configuration and security for cloud services.

“While the growing popularity of public cloud applications has made businesses more flexible and efficient, it has also raised awareness about previously unseen security vulnerabilities. This is because many of the most popular cloud applications provide little visibility or control over how sensitive data is handled once it is uploaded to the cloud,” says Kahol.

“In essence, users are expected to blindly trust that their data is secure. As public cloud adoption rises, organisations must ensure all systems are properly configured and secured – customer privacy and trust depend on it."

Story image
Gartner: By 2023, 65% of the world will have personal data covered under modern privacy regulations
“Security and risk management (SRM) leaders need to help their organisation adapt their personal data handling practices without exposing the business to loss."More
Story image
Thales: A/NZ cybersecurity approach more talk than action
“While some organisations are talking a good story … predicted spending shows that most have the wrong focus.”More
Link image
Remote working remains a high-risk endeavour
A remote workforce needs phishing protection, automated incident response and security training to avoid the worst from happening. Here's how to get there.More
Story image
Fortinet’s ‘zero trust’ approach redefining security
Cornelius Mare, Fortinet A/NZ Director, Security Solutions, explains why taking a ‘zero trust network access’ approach to cybersecurity requires fully-integrated and comprehensive security services and policies.More
Story image
Global attack volume down, but fraud and cyber threats still going strong
“The move to digital, for both businesses and consumers, has been significant. Yet with this change comes opportunity for exploitation. Fraudsters look for easy targets: whether government support packages, new lines of credit or media companies with fewer barriers to entry."More
Link image
Why it's crucial to normalise proper security training for remote working
Knowing and implementing best practices for remote security can save money, time and headaches. It starts with a quality solution to safeguard the workforce.More