With influencer marketing and sponsored content being on the rise, more and more content creators, some even as young as 13, are actively trying to pursue a career in social media. Now, this highly lucrative modern-day career while having all the bells and whistles also has its share of pitfalls. Being at the forefront of a worldwide online audience isn’t always easy. With the obvious internet fame and a humongous number of loyal followers, also comes along more than a few bad eggs who aim to do them harm. These people while including the usual trolls, general haters and spammers, also include malicious hackers.
In recent news, it has been found out that a social media marketing firm known as Preen.Me underwent a huge data breach which has now led to the personal data of close to 100,000 social media influencers being partially leaked. This discovery was made on June 6th by the research team of Risk Based Security which is a cyber risk analytics firm. Subsequently, their team also found out that the same breach has led to more than 250,000 normal social media users having their information fully exposed on a deep web hacking forum. Thus, now all these individuals are at risk of being targeted by other threat actors as well.
According to Risk Based Security, after they were successful in identifying the breach, a threat actor has come forward anonymously to claim responsibility for the event. The individual has revealed that the personal information of those 100,000 social media influencers are now under ransom on a deep web hacking forum which happens to be very popular. After that, the threat actor went on to share 250 leaked records via PasteBin on the same day of the leak and then two days later stated that all the remaining records will be shared soon as well.
Although the rest of the records haven’t surfaced anywhere on the dark web until now, it has become quite clear that the potential for damage is exceptionally high because the information that was stolen via the breach includes the email addresses, names, phone numbers and even home addresses of the social media influencers.
Roy Bass who is a Senior Dark Web Analyst at Risk Based Security, commenting on this issue mentioned even though passwords haven’t been revealed, threat actors can easily find it out by employing various brute force techniques which can leverage a combination of all the personal information that has been revealed.
When it comes to the attacks which the affected individuals are exposed to, Bass explained it could be anything from spam and substantial harassment to spear-phishing and identity theft scams.
On June 14th, as mentioned earlier, the same threat actor went on to leak all the details of 250,000 social media users who use Preen.Me’s application, ByteSizedBeauty. The information that was revealed for these users includes their social media links, personal information such as a home address, date of birth, eye colour, skin tone and much more.
Regarding this leak, Bass added that there happens to be an increased risk for spear-phishing and identity theft scams besides the ones he previously mentioned as in this case, more personal information being leaked.
It is important to note here that this is not the first time a social media marketing agency was attacked so that the personal information of influencers can be revealed. A similar incident occurred in October 2019 but came to light only 3 months ago. Social Bluebook which is a platform that matches potential advertisers to influencers was breached wherein the personal information of more than 200,000 content creators and influencers were exposed.
Influencer marketing platforms and agencies, though in the recent years are trying to become more structured in terms of dealing with the talent and advertisers, still have a long way to go when it comes to building critical security infrastructure to stop such hackers from breaching their data. Thus, if someone aims to enter into this industry, they need to be extremely cautious about whom they are dealing with. They also need to learn how to keep their personal information safe and secure so that they don’t become easy targets for malicious threat actors.