Reputation.com exposes 120 million logs in major data leak
Major online reputation management company Reputation.com, which serves hundreds of major brands, has exposed 120 million records containing backend system data. The leak includes session cookies that could lead to the abuse of customer social media accounts.
-
Reputation.com inadvertently exposed 320GB of logs, containing 120 million records with backend system data, including session cookies. The leak is now closed.
-
Threat actors can leverage the exposed data to take over customer social media accounts and manipulate online brand presence.
-
Hundreds of prominent brands, including Fortune 500 enterprises such as US Bank, Ford, GM, some BMW dealerships, and others, might be affected.
On August 18th, 2025, the Cybernews research team discovered a massive data chest exposed online, containing over 320GB of data and nearly 120 million records.
Without enforced authentication and access controls, any outsider could have unrestricted access to the internal service, which researchers attributed to Reputation.com, a leading online reputation management (ORM) and customer experience platform, used by many Fortune 500 companies and other major brands.
This server runs a data visualization and exploration tool that helps enterprises deal with large volumes of data. The publicly accessible instance exposed logs from multiple Reputation.com applications.
“This incident might severely impact many known brands using the platform. The logs contained cookies, which could be used for customer account takeovers, and other data from backend systems used by customers,” Cybernews researchers warn.
The massive data logs were organized into monthly indices. The names suggest that they log data related to general application activity, including events such as create, read, update, delete, etc.
Some of these indices held millions of documents and took up dozens of gigabytes of storage, indicating a very active system.
The information included these key categories (fields):
- Timestamps: that record precisely when the events happened
- Various Unique Identifiers: including things such as company_uid (unique company identifier), id, and session_id (for user sessions). Hundreds of major companies were identified
- Cookie Strings: that contain a lot of information about products and versions, users (accounts, names, permissions, features), and analytic and tracking information
- Other general data: including event data, contents, types, versions, and other logs
“It seems that the exposed server was used for a comprehensive logging and monitoring system, capturing every user and application interaction,” Cybernews researchers said.
Cybernews has responsibly and repeatedly attempted to disclose the issue to the company. However, the instance remains exposed at the time of writing. It was closed later following the publication. We reached out to Reputation.com for additional comments, but did not receive a response prior to publication. It’s unclear if any other third party accessed the data.
An inadvertent leak that can lead to severe consequences
Cybernews researchers warn that the leaked data presents numerous opportunities for threat actors to launch cyberattacks and scams.
The most straightforward way would be to abuse exposed integrations with platforms like Facebook, Instagram, X (Twitter), LinkedIn, or Google Business Profile.
Reputation.com’s Social Suite helps customers manage, publish, and analyze social channels, but hackers can abuse the cookies to attempt to publish damaging or manipulative content.
“Attackers could manipulate business listings, post inappropriate content, or disrupt marketing schedules, potentially inflicting major reputational and operational harm,” our researchers said.
Reputation also provides dashboards for social analytics, scheduling, sentiment tracking, and unified inboxes. Hackers could intercept or alter multi-channel communication, ranging from customer responses to surveys, notifications, PR campaign assets, etc.
“The leak severely impacts hundreds of prominent brands, including Fortune 500 enterprises such as US Bank, Ford, GM, and select BMW dealerships. Attackers can target the companies with damaging “fake posts,” malicious announcements, or manipulated trust signals,” our researchers warn.
Reputation.com is a leading platform in online reputation management (ORM) and customer experience. It helps thousands of companies across sectors such as automotive, healthcare, retail, and hospitality track, improve, and protect what people see about them online.
Reputation.com handles reviews and customer feedback and manages publishing across most social media and business listings, which significantly expands the potential attack surface.
Tokens need to be rotated
Such data leaks typically necessitate breach notifications to relevant regulatory bodies, in accordance with the requirements of various data protection regulations such as GDPR and CCPA.
Cybernews researchers recommend providing customers with a transparency report containing details on what data was exposed, who may be affected, and what actions are needed.
“The first step is to secure the instance immediately by enforcing authentication and access controls. Restricting access to only corporate VPN users or specific IP ranges can further narrow down who can access the data.”
Their report recommends auditing all other servers facing similar issues and taking the exposed systems offline until they’re fully secured.
“Rotate JSON Web Tokens (JWT) found in logs and used for authentication and authorization, if they don’t have expiration dates,” our researchers conclude.
Following the publication, the leak has now been closed. CISA played a crucial role in addressing the vulnerability.
Updated on November 13th [10:00 a.m. GMT] with a confirmation from CISA.
- Leak Discovered: August 18th, 2025
- Initial disclosure: August 19th, 2025
- CISA informed: September 2nd, 2025
- Leak closed: before November 13th, 2025
Unlock more exclusive Cybernews content on YouTube.
