Cyber Incident Victim: Preen.Me

On June 6, 2020, Risk Based Security’s data breach research team identified a compromise of social media marketing firm Preen.Me’s systems after a known threat actor advertised possession of over 100,000 affiliated influencers’ personal data on a deep web hacking forum. The actor initially leaked 250 records via PasteBin on June 6, demonstrating access to influencers’ social media links, email addresses, names, phone numbers, and home addresses. The exposed influencers predominantly created cosmetic or lifestyle-related content. Two days later on June 8, the threat actor threatened to release the remaining records but had not done so as of the article’s publication date of June 25. On June 14, the same actor fully exposed the personal information of over 250,000 users of Preen.Me’s ByteSizedBeauty application, including social media links, home and email addresses, dates of birth, eye color, and skin tone. No evidence indicated compromised passwords in either dataset.

The breach exposed both groups to heightened risks of spam, harassment, spear-phishing, and identity theft due to the volume of leaked personally identifiable information. Risk Based Security analyst Roy Bass noted threat actors could cross-reference exposed email addresses with compromised credentials from unrelated breaches or employ brute-force attacks to hijack accounts. ByteSizedBeauty users faced elevated identity theft risks due to the inclusion of biometric data (eye color, skin tone) and birthdates alongside contact details. The initial 250-record sample leak provided attackers with sufficient data to target high-profile influencers with tailored scams. While the actor’s June 8 threat to release the remaining 100,000 influencer records remained unfulfilled by June 25, the 250,000 ByteSizedBeauty user records were confirmed fully public as of June 14. No containment efforts, victim notifications, or organizational responses from Preen.Me were detailed in the available source material.