“Preen.Me” Has Compromised the Details of 250,000 Social Media Influencers

• Hundreds of thousands of Twitter and Facebook influencers have had their details exposed.
• Preen.Me has been hit by ransomware actors who extorted the platform for a week before they released everything.
• The leak includes authentication tokens, email and home address, user IDs, name, and friends lists.

“Preen.Me,” a Tel Aviv-based marketing platform that links social media influencers with brands for purposes of promotion, has suffered a data breach which was the result of a successful ransomware attack. ‘Risk Based Security’ discovered samples of the stolen data on dark web listings that leaked the details of 250 “Preen.Me” users. The threat actors initiated the extortion procedure on June 6, 2020, and two days later, they threatened to release another 100,000 records via PasteBin. Eventually, on June 14, 2020, they leaked the details of 253,051 social media influencers who are using “ByteSizedBeaty,” which is Preen.Me’s application.

The details in the released file include the following:

• Facebook name
• Facebook ID
• Facebook URL
• Facebook friends list
• Twitter ID
• Twitter name
• Home address
• Email address
• Date of birth
• Eye color
• Skin tone

The researchers also found passwords in the lists, but most of them are single characters or auto-generated passwords, so these are probably just dummy data. The passwords that seem to be real are hashed, so these are not easily retrievable. Finally, there are about 100,000 user authentication tokens for social media platforms like Facebook, Twitter, and Instagram in the database.

Until now, “Preen.Me” hasn’t issued an official statement on the incident, hasn’t informed its users that their sensitive details have been compromised by hackers, and hasn’t informed the authorities and data protection office in Israel or the United States. This is seriously wrong, and even if Preen.Me has realized the security breach in their systems only now, they should still publish a statement that would reassure users that they are at least investigating the reports. Not stating anything shows that they either tried to bury this incident or are incompetent when it comes to incident response. Either way, it doesn’t reflect nicely upon their brand image.

Many social media influencers do what they do for a living, so seeing their account details and PII leaked is like seeing their business burn down. Back in February 2018, we had a similar incident with a marketing firm called “Octoly” exposing the personal details of 12,000 influencers. Then in May 2019, a Mumbai-based social media marketing firm named “Chtrbox” exposed 49 million Instagram influencers by leaving a database unprotected. And this is not only about which firms the influencers are trusting their personal data with, as many of these companies scrape the data themselves or buy it from other entities.