[BreachExchange] Personal Data of 350, 000+ Social Media Influencers and Users Compromised Following Preen.Me Hack

Destry Winant destry at riskbasedsecurity.com
Fri Jun 26 10:19:05 EDT 2020


The personal information of an estimated 100,000+ social media
influencers has been compromised and partially leaked, following the
breach of social media marketing company, Preen.Me. Furthermore, as a
result of this breach, over 250,000 social media users have had their
information fully exposed on a deep web hacking forum.

Based in Tel Aviv, Preen.Me is self-described as “a next generation
marketing platform” that “generates demand on a massive scale” for
participating brands by using beauty-related content creators.

Held Under Ransom

Risk Based Security uncovered the leak on June 6, 2020 when a known
threat actor posted on a popular deep web hacking forum that they had
compromised Preen.Me’s systems and were holding the personal
information of over 100,000 affiliated influencers under ransom. The
threat actor then shared 250 records via PasteBin on the same day,
with a further comment on June 8th, stating their intent to release
the other 100,000 records. Those additional records have yet to be

The compromised personal information for social media influencers
includes social media links, email addresses, names, phone numbers and
home addresses. A few of the influencers affected have over half a
million subscribers or followers, according to the threat actor. The
impacted influencers appeared to be associated strictly with cosmetic
or lifestyle related content, reflecting the focus of Preen.Me.

Further Leaks and Developments

However, although the social media influencer data has not been fully
posted, on June 14th, the threat actor fully leaked the details of
over 250,000 social media users who use Preen.Me’s application,

The file contains 253,051 records in a user data table including
fields such as Facebook name, Facebook ID, Facebook URL, Facebook
friends list, Twitter ID, and Twitter name. The following personal
information has also been fully leaked:

- Home addresses
- Email addresses
- Date of births
- Eye color
- Skin tone; and more identifying information

In addition, another user data table contains 252,357 records of
usernames, names, email addresses, and passwords though it appears the
majority of the passwords are auto-generated or single characters.
This indicates it was likely dummy data for ByteSizedBeauty users that
authenticated in different methods. The data appears to still contain
a small number of what appears to be password hashes. Lastly, over a
100,000 user authentication tokens for social media were found in the

No Response from Preen.Me

While doxing isn’t anything new, it is still important to remember
that the publication of private personally identifiable information is
illegal and considered a crime in the United States. A dox such as
this can expose victims to substantial harassment and spam, as well as
spearphishing and identity theft scams if enough personally
identifiable information is gathered.

We have reached out to Preen.Me to share our findings, but at this
time they have not responded to our inquiries. We will update this
post with any relevant developments.

More information about the BreachExchange mailing list