The South Korean beauty content platform PowderRoom was found to have leaked the personal data of up to a million users, including full names, phone numbers, emails, Instagram usernames, and home addresses.
Researchers estimate that the data was publicly available for over a year, putting users at risk of phishing, device hijacking, unauthorized purchases, and stalking.
PowderRoom is marketed as the first and biggest beauty community in South Korea, with hundreds of thousands of followers on social media and an Android app that has been downloaded over 100,000 times on Google Play.
The leak was discovered by Cybernews, which alerted PowderRoom and the Korean National Computer Emergency Response Team to secure the data.
The exposed information could be used for phishing scams, fraudulent activities, SMS phishing (smishing), vishing attacks, SIM swapping, targeted attacks on devices and web browsers, and in-person stalking or harassment.
Cybernews advises users to verify the authenticity of messages and emails mentioning their name, be cautious of calls and messages from unknown numbers, protect their privacy on Instagram by changing usernames or switching to private mode, and contact their phone service provider to add extra identity verification steps to their accounts.
This is not the first data leak to affect the beauty industry. Last year, Cybernews researchers discovered that a shopping app belonging to Japanese beauty products brand Mosbeau had exposed the data of its customers, including their names, IDs, and chats with support agents.
The incidents highlight the need for stronger data protection measures in the industry, as well as greater awareness among users of the risks and precautions they can take to protect their personal information.