Another data leak due to misconfiguration in octoly owned Amazon Web Services S3 cloud storage bucket. Around 12,000 Social Media Influencers accounts that belongs to Instagram, Twitter, and YouTube personalities Sensitive personal data leaked online from octoly’s Amazon Web Services S3 bucket.
Octoly is an influencers marketplace where brands and creators collaborate to make branded video content and reviews.
Due to Misconfiguration in octoly owned Amazon Web Services S3 bucket repository, they left an Exposed backup of their enterprise IT operations and sensitive information.
Revealed information about 12,000 personalities most sensitive information which was registered by thousands of firm.
Exposed details contains influencers real names, addresses, phone numbers, email addresses which including those specified for use with PayPal – and birth dates for these creators.
Also, octoly revealed hashed passwords that can be decrypted and use it for password reuse attack against various online accounts belonging to creators.
How does this Data Leak Occured
On January 4th, 2018, octoly subdomain based Amazon Web Services S3 cloud storage bucket has been discovered by UpGuard Director of Cyber Risk Research Chris Vickery.
The discovered file belongs to octoly internal files that related to critical operations including a backup of Octoly’s operational database, “octoly_production.sql.”
The database contains a detailed information that about inner workings of Octoly’s Europe and North America based digital brand marketing operations.
According to UpGuard The exposed data reveals details about three categories of affected entities and individuals. The first, “users,” refers to Octoly employees.
The second, “clients,” is comprised of enterprises that employ Octoly as a partner, typically for the purpose of connecting these brands to the twelve thousand exposed members of the third category, “creators.”
Also, Beyond the potential damage to Octoly’s business reputation through the leak of privileged internal data, the exposure of information involving the firm’s enterprise customers illustrates how one breach can implicate many more entities.UpGuard said.
Source : GBHackers