June 24, 2020 • RBS

Categories: Security News

The personal information of an estimated 100,000+ social media influencers has been compromised and partially leaked, following the breach of social media marketing company, Preen.Me. Furthermore, as a result of this breach, over 250,000 social media users have had their information fully exposed on a deep web hacking forum.

Based in Tel Aviv, Preen.Me is self-described as “a next generation marketing platform” that “generates demand on a massive scale” for participating brands by using beauty-related content creators.

Held Under Ransom

Risk Based Security uncovered the leak on June 6, 2020 when a known threat actor posted on a popular deep web hacking forum that they had compromised Preen.Me’s systems and were holding the personal information of over 100,000 affiliated influencers under ransom. The threat actor then shared 250 records via PasteBin on the same day, with a further comment on June 8th, stating their intent to release the other 100,000 records. Those additional records have yet to be released.

The compromised personal information for social media influencers includes social media links, email addresses, names, phone numbers and home addresses. A few of the influencers affected have over half a million subscribers or followers, according to the threat actor. The impacted influencers appeared to be associated strictly with cosmetic or lifestyle related content, reflecting the focus of Preen.Me.

Further Leaks and Developments

However, although the social media influencer data has not been fully posted, on June 14th, the threat actor fully leaked the details of over 250,000 social media users who use Preen.Me’s application, ByteSizedBeauty.

The file contains 253,051 records in a user data table including fields such as Facebook name, Facebook ID, Facebook URL, Facebook friends list, Twitter ID, and Twitter name. The following personal information has also been fully leaked:

  • Home addresses
  • Email addresses
  • Date of births
  • Eye color
  • Skin tone; and more identifying information

In addition, another user data table contains 252,357 records of usernames, names, email addresses, and passwords though it appears the majority of the passwords are auto-generated or single characters. This indicates it was likely dummy data for ByteSizedBeauty users that authenticated in different methods. The data appears to still contain a small number of what appears to be password hashes. Lastly, over a 100,000 user authentication tokens for social media were found in the database.

No Response from Preen.Me

While doxing isn’t anything new, it is still important to remember that the publication of private personally identifiable information is illegal and considered a crime in the United States. A dox such as this can expose victims to substantial harassment and spam, as well as spearphishing and identity theft scams if enough personally identifiable information is gathered.

We have reached out to Preen.Me to share our findings, but at this time they have not responded to our inquiries. We will update this post with any relevant developments.

Our products
The Platform
Risk Based Intelligence
Learn more
Vulnerability Intelligence
Learn more
Cyber Risk Analytics
Threat Intelligence
Learn more
Risk Management
Learn more