Due to Amazon S3 storage configuration error, 12,000 social media influencers exposed in Octoly
According to ibtimes media news on February 6, UpGuard security researchers found that Paris Octoly because of its Amazon S3 bucket misconfiguration, resulting in online exposure of more than 12,000 social media influencers sensitive data. It is reported that these users are mostly from YouTube, Instagram, Twitter and Twitch and other social platforms, Octoly is currently worried about competitors using the exposure to take advantage of this platform to grab user resources.
Octoly is a Paris-based brand marketing company dedicated to providing social media stars with products from top brands and seeking their comments and endorsements. Octoly’s clients include Dior, Sephora, L’Oreal, Estee Lauder, Lancome and gaming giant Ubisoft and Blizzard Entertainment.
Chris Vicker, director of network risk team UpGuard, discovered in early January that a misconfigured and publicly accessible Amazon S3 cloud bucket was used by Octoly to store internally important files.
These documents include:
User sensitive information (real name, address, phone number, email address, and date of birth);
Octoly account hashed password encrypted with bcrypt;
Lots of branding and analytics information (a list of 600 brands Octoly serves and “deep social” reports from affected users);
Upguard believes the exposure may affect Octoly’s day-to-day operations to a certain extent. And Upguard said the biggest risk of the exposure is not economic costs, but people, as leaked user profiles give rivals an advantage and brands are likely to grab the attention of well-known social media influencers.