A million at risk from user data leak at Korean beauty platform

Published: 23 March 2023
Last updated: 23 March 2023
Powder Room research
By Cybernews

South Korean beauty content platform, PowderRoom, has leaked users’ phone numbers and email and home addresses, exposing nearly one million people.

  • Established in 2003, PowderRoom is a South Korean beauty content platform connecting 3.5 million members and thousands of beauty brands
  • It calls itself the first and the biggest beauty community in South Korea that “allows you to experience new brand products faster than anyone else and share the experience”
  • It exposed up to a million users’ full names, phone numbers, emails, Instagram usernames and home addresses
  • The database was publicly available for over a year
  • Attackers could have exploited the data to launch phishing and device hijacking attacks, make unauthorized purchases, and stalk users
  • Cybernews reached out to PowderRoom and the Korean National Computer Emergency Response Team, and the data was secured
ADVERTISEMENT

The Cybernews research team discovered that the South Korean social platform, powderroom.co.kr – which markets itself as the nation’s biggest beauty community – was leaking the private data of a million users.

The platform exposed full names, phone numbers, emails, Instagram usernames, and even home addresses. Researchers estimate that the database was publicly available for over a year.

Backed by beauty-product manufacturers, PowderRoom has hundreds of thousands of followers on social media, and its Android app has been downloaded more than 100,000 times on Google Play.

On the platform, users can review beauty products while being encouraged to actively participate and receive perks.

Personal data leaked

On December 15, researchers found a publicly accessible database with nearly 140GB of data. Some server logs included entries containing personal information, such as names, phone numbers, and home addresses, along with metadata about user devices and browsers used to access the site. The dataset included over a million email addresses.

ADVERTISEMENT

Among the leaked data, researchers found a million tokens used for authentication and accessing the website.

Abusing them, threat actors could hijack user accounts and purchase products on the platform using the payment methods linked with the account. Additionally, attackers could modify account details, and post comments and reviews.

Leaking home addresses and phone numbers is a cause of concern, since exposing such information might lead to in-person stalking or harassment of the users of the platform.

How to protect yourself

Researchers urge the users of PowderRoom to take note of what personal information was compromised and take action to protect themselves.

The leaked data includes full names and email addresses, which could be exploited in phishing scams or other fraudulent activities.

“People whose data was leaked should be cautious of messages and emails that mention their name, especially from unknown sources,” said Cybernews. They also advise leak victims to “verify the authenticity of the message before clicking on any links.”

Exposed phone numbers put users at risk of SMS phishing or smishing, voicecall versions of the same known as vishing attacks, and SIM swapping. Users should be wary of calls and messages from unknown numbers and contact their phone service provider to add extra identity verification steps to their accounts.

The leaked dataset also contained user data, exposing what devices and web browsers they used to access the website. Threat actors could use such information for targeted attacks on a device and web browser.

Although the likelihood of such an attack is slim, users should remain vigilant and take protective measures, such as keeping their operating systems up to date and switching to a different web browser.

ADVERTISEMENT

While Instagram usernames were also made available to the public, those affected should consider changing their usernames or switching their account status to private and verifying any friend requests received to protect their privacy.

As the service provider in this case, PowderRoom should revoke leaked tokens, while users should take the precaution of verifying with customer support that theirs have been reset.

It is not the first leak that has affected the beauty industry. Last year, Cybernews researchers discovered that a shopping app belonging to Japanese beauty products brand Mosbeau had exposed the data of its customers, leaving their names, IDs, and chats with support agents for anyone to access.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked