More than 12,000 prominent social media influencers from YouTube, Instagram, Twitter, and the gaming platform Twitch were exposed last month by a data breach at a marketing firm that pairs online stars with top brands seeking product reviews and endorsements, according to researchers at the security firm UpGuard.
Many of the online stars have massive followings and are known for offering beauty tips, primarily on Instagram, or video game reviews and commentary on YouTube. Few of them use their real names online. Like any other kind of celebrity, many social media stars have a heightened need for privacy, chiefly when it comes to the ever-present threat of online harassment.
The breach, which was tied last month to the influencer marketing firm Octoly, exposed not only the stars’ true identities, but their street addresses, apartment numbers, phone numbers, email addresses, and more. The users are predominantly young women, the researchers said.
The database exposed further contained a massive list of the brands that partner with these influencers, including top gaming companies such as Blizzard and Ubisoft, and beauty brands like Sephora, L’Oreal, and Sisley.
UpGuard’s researchers discovered the database in early January and were able to quickly linked it to the Octoly, a French company which maintains a virtual office based in Manhattan. Octoly’s Amazon server was publicly accessible, meaning virtually anyone could view its contents without a password. Securing the data proved challenging. Compared to most companies whose sensitive data has been unearthed in this way, Octoly was strikingly slow to respond.
UpGuard first notified the company by email on January 4th. The following day, a direct message was sent to the company on Twitter. UpGuard called Octoly’s corporate office twice over the course of a week without receiving a response. The data, meanwhile, remained accessible to anyone with the know-how to locate it—namely, hackers trolling the internet for random unsecured Amazon servers.
“This exposure reveals highly sensitive personal information about over twelve thousand individual men and women who, by merit of their prominence on the internet, are particularly vulnerable to the possibilities of harassment, abuse, and even the violence of ‘swatting,’” said UpGuard cofounder and co-CEO Mike Baukes.