In early January, cyber-security firm UpGuard discovered that the personal data of over 12,000 Octoly users was left exposed in a publicly accessible Amazon Web Services S3 cloud storage bucket. The unsecured files included influencer names, addresses, phone numbers, email addresses, birth dates, usernames, and hashed user passwords.
The data breach has serious implications for influencers and brands alike. Here, we break down the details and ramifications of the Octoly influencer data cloud breach influencers and marketers alike should know:
Octoly is a paid influencer marketing platform that provides brands access to the social media influencers registered on its site. Registered influencers can source available campaigns from brands who use Octoly.
Additional leaked items include a list of the 600 brands Octoly has collaborated with and thousands of “Deep Social” data reports, which provide detailed information and analytics based on specific influencers’ profiles.
UpGuard first detected the breach on January 4th, 2018. By February 1st, after multiple notifications from UpGuard, Octoly fully secured all data in the misconfigured files and spreadsheets. Gizmodo broke the story on February 5th, and two days later, Octoly made the decision to notify all users of the breach.
According to Octoly, there are no signs that the leaked data has been exploited in any way so far.
Related Post: The Biggest Influencer Marketing New Stories Of 2017
Octoly’s data breach puts thousands of influencers (predominantly women) at risk for cyberstalking and cyberbullying, a growing problem for all internet users. Given their internet fame and large follower bases, social media influencers are particularly susceptible to online harassment as it is.
According to Chris Vickey, Director of Cyber Risk Research at Upguard, the top influencer listed in the unsecured spreadsheet has over 6 million followers.
The leakage of hashed user passwords is also particularly impactful because, if decrypted, these passwords could be used in conjunction with leaked usernames and email addresses to hack a multitude of influencers’ online accounts.
Password reuse is common, meaning the leaked information could give hackers the ability to log into several personal online accounts for each influencer.
There are risks that come along with registering for any online service, but in a young industry like influencer marketing, these risks are often heightened. Most influencer platforms have only been around for a few years, and as such, may not be well-equipped to handle sensitive brand, influencer, and campaign data.
Octoly’s leaked client list provides its competitors and brands’ competitors clear insight into their recent marketing initiatives. Additionally, the leaked Deep Social reports, which provide customized analytics on each of Octoly’s registered influencers, could provide value to client competitors. Prior to the breach, these reports were only available to brands who paid Octoly’s subscription fee.
For influencers, Octoly’s data leak is a red-flag reminder to always adhere to online security best practices (e.g. using randomly generated or non-recurring passwords, providing a non-home shipping address).