The Personal Data of 350,000 Social Media Influencers and Users Is at Risk After a Preen.me Data Breach

Preem.me Data Breach

Despite evidence to the contrary, social media influencers are a lot more than a bunch of selfie enthusiasts with plenty of time on their hands. These people usually have a large following on social media platforms, and businesses of all shapes and sizes are more than happy to take advantage of this. The so-called influencer marketing industry is booming, and it's not difficult to see why.

On the one hand, companies can use the influencers to reach a wide audience, and for the influencers themselves, this is a pretty good way of securing a substantial income. There are even special platforms that link popular social media users to businesses that want to advertise their products. These platforms need to handle and protect people's personal data, however, and as Preen.me has proven, they sometimes fail to do it properly.

Preen.me has suffered a data breach

On June 6, a dark web forum user announced that they had managed to attack Preen.me successfully. The hacker claimed that they had stolen the personal data of about 100 thousand influencers, and they said that they had already threatened the platform to leak the data if a ransom isn't paid.

Researchers from Risk Based Security paid close attention to the situation. They had seen the hacker in action in the past and knew that the threats are most likely real. Sure enough, when the threat actor posted a sample of 250 records on PasteBin, Risk Based Security's experts confirmed that the social media links, emails, physical addresses, and phone numbers of quite a few influencers have been put at risk.

The hacker stated that they'd publish the entire database before June 8, but apparently, their plans have changed because, according to Risk Based Security, the influencers' data still hasn't been fully leaked. Instead, the hacker opted to expose the personal details of quite a few regular social media users.

The personal data of about a quarter of a million regular users gets exposed

About a week after the initial post, the threat actor published a database with a little over 253 thousand records containing Facebook names, IDs, URLs, and friends lists as well as Twitter IDs and Twitter names. This time, the data didn't belong to influencers but rather to people who had downloaded and used ByteSizedBeauty, an application developed by Preen.me. Along with social media information, these people had their home and email addresses, dates of birth, and data related to the way they look exposed.

Another database published by the same hacker left the researchers a bit confused. It also appeared to be coming from Preen.me, and it contained about 252 thousand usernames, email addresses, names, and passwords. When they took a closer look, however, Risk Based Security's experts saw that most of the passwords are either generated automatically or consist of a single character, which led them to believe that they might be looking at dummy data created for ByteSizedBeauty users who used different authentication methods. The 100 thousand social media authentication tokens found in the same database certainly support this theory.

Preen.me refuses to acknowledge the breach

The potential consequences for the affected individuals can be massive. According to the researchers' report, some of the influencers have more than 500 thousand followers, and the hackers will try everything they can to use the leaked information to compromise their social media accounts. Both influencers and regular users who were affected by the breach are at risk of sophisticated spearphishing attacks as well as numerous other scams.

Open Preen.me's website, however, and you'll be left with the impression that nothing has happened. Risk Based Security's researchers tried to notify the company immediately after they learned about the breach, but Preen.me didn't respond to their emails. Right now, more than three weeks after the breach was uncovered, the influencer marketing platform still hasn't announced anything officially.

It's been proven time and again that burying your head in the sand is not really the best way to handle a cybersecurity incident, but it looks like some companies simply refuse to learn.

By Duran
June 29, 2020
News
English
June 29, 2020
News

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

5 years ago

What is the OperaGXSetup.exe File and is it Malicious?

11 months ago

Eporner.com And Why Its Excessive Pop-Ups Are Risky

11 days ago

HackTool:Win32/Crack: a Malicious Threat That Can Seriously...

7 months ago

Take Note: Someone Added You As Their Recovery Email Scam

10 months ago

A Potentially Serious Threat: Trojan:Win32/Suschil!rfn

18 days ago

Related Posts

Tips

How Facebook Quizzes Can Put You and Your Personal Data at Risk

Users' personal information continues to be at the top of the cybercriminals' target list. The majority of us spend at least several hours online each day, and it seems that the time spent surfing the Internet or... Read more

November 7, 2018
News

Social Media Monitoring App Mention Blames Third-Party for a Recent Data Breach

Data breaches are an unfortunate fact of life. Some companies don't take the security of your data seriously enough and are easy prey for hackers. Other organizations work hard to protect users' personal information,... Read more

August 10, 2018
News

LifeLabs Data Breach Puts About 15 Million Customers' Logins and Passwords at Risk

LifeLabs is one of the biggest laboratory service providers in Canada – a country with a population of just under 40 million people. A successful attack against LifeLabs is bound to put the data of quite a few... Read more

December 27, 2019
English
Loading...

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2025 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.