Millions of Influencer Data Leaks on 21 Button

Social networks today are widely used by users. We have a wide range of options on the Internet. They are used to communicate with friends and family, upload images and videos, give our opinion … There are many types and we can use them on mobile devices and also on desktop computers. Of course, sometimes problems may arise that compromise the privacy of users. In this article we echo a discovery related to a data breach on the 21 Buttons social network, related to fashion, which has exposed the private information of many European influencers.

The social network 21 Buttons exposes the private data of many influencers

21 Buttons is a social network that also acts as electronic commerce and is related to fashion. Users upload images of their favorite clothing with links to the brand itself. Followers can directly buy those products from the app. This is something that many influencers use.

Millions of Influencer Data Leaks

Logically, with each purchase that is made through a link, the user of that social network takes a commission . In this way, influencers, who can have hundreds of thousands of followers, find here an interesting business to obtain economic benefit.

Now a team of security researchers from vpnMentor , led by Noam Rotem and Ran Locar, has discovered that the social network 21 Buttons was exposing the private data of hundreds of influencers in Europe.

This company stored more than 50 million data from its application in a misconfigured AWS cloud storage bucket. We have already seen similar cases where data and information have been exposed for the same reason. Having a poorly configured bucket can lead to security breaches that are exploited by potential intruders.

These exposed data correspond to commission invoices paid from those influencers. Each invoice was full of sensitive personal data. In addition, the amount charged in each case was exposed. There were more than 400 invoices between August 2016 and October 2020, both at a European and global level.

Among the personal data we can name tax information, profiles and social media posts and other types of user information.

Filtraciones de datos más importantes

How they could use this data

As we know, personal information on the web is of great value today. They can use it to include users in spam campaigns or send targeted advertising. They could even sell it to third parties for profit.

But they can also use that data to carry out cyber attacks . We speak, for example, of Phishing attacks. By collecting sensitive personal data, they could use it to impersonate the victim or even carry out more personal attacks, thus achieving a higher probability of success.

Ultimately, these personal data that were exposed in 21 Buttons could have fallen into the hands of cybercriminals with the aim of profiting from them. This information often ends up on the Dark Web, where it can be made available to anyone in hidden forums on this part of the network. We leave you an article with tips to protect data on the Internet.